
Galleon NTS-6002-GPS Command Injection vulnerability | cRyPtHoN™ INFOSEC (EN)


Galleon Systems’ GPS NTP time server had a command injection vulnerability in the firmware of its NTS GPS device that could allow total control of the device through the web management interface.

A vulnerability was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 #4. A low-privileged authenticated attacker can perform command injection as the root user by supplying shell metacharacters to forms in the Network Tools section of the web management interface. All three networking tools (Ping, Traceroute, and DNS Lookup) are affected, along with their respective input fields (ping_address, trace_address, nslookup_address).

https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/

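As an added illustration of the mitigation for this bug class (not code from the vendor or from the linked advisory), the sketch below validates the three form fields named above and builds an argument vector that is never passed through a shell. The tool command lines and the function names `is_valid_target` and `build_argv` are assumptions made for the example.

```python
import ipaddress
import re

# Field names come from the post; the tool command lines are assumptions.
TOOLS = {
    "ping_address": ["ping", "-c", "4"],
    "trace_address": ["traceroute"],
    "nslookup_address": ["nslookup"],
}

# Character allowlist applied first: no spaces, quotes, or shell metacharacters.
# "%" is excluded so IPv6 zone IDs cannot carry arbitrary text.
_ALLOWED = re.compile(r"[A-Za-z0-9.:-]+")
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def is_valid_target(value: str) -> bool:
    """Accept only an IP literal or an RFC 1123 style hostname."""
    if len(value) > 253 or not _ALLOWED.fullmatch(value):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    return all(_LABEL.fullmatch(label) for label in value.split("."))


def build_argv(field: str, value: str) -> list[str]:
    """Return an argv list intended for subprocess.run(argv), shell=False."""
    if field not in TOOLS:
        raise ValueError(f"unknown field: {field}")
    if not is_valid_target(value):
        raise ValueError(f"rejected {field} value: {value!r}")
    # The value is a single argv element and cannot start with "-",
    # so it is neither shell text nor an option to the tool.
    return TOOLS[field] + [value]


if __name__ == "__main__":
    # Constructed sample inputs, one benign and two that must be rejected.
    for sample in ["192.0.2.10", "192.0.2.10; id", "-c"]:
        try:
            print(build_argv("ping_address", sample))
        except ValueError as err:
            print(err)
```

Validation alone is not the fix: the argument vector must be executed without a shell, and the web process should not run as root.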