Lucene search
Federico Maggi, Marco Balduzzi, Stephen Hilt, Philippe Lin, Akira Urano, Rainer Vosseler of Trend Micro Security ResearchZDI-18-1362HistoryAug 22, 2022 - 12:00 a.m.
Juuko DATA Packet Command Injection Remote Code Execution Vulnerability
2022-08-2200:00:00
Federico Maggi, Marco Balduzzi, Stephen Hilt, Philippe Lin, Akira Urano, Rainer Vosseler of Trend Micro Security Research
www.zerodayinitiative.com
15
juuko
data packet
command injection
remote code execution
vulnerability
communication processing
unauthorized commands
physical equipment
EPSS
0.005
Percentile
76.6%
This vulnerability allows remote attackers to issue commands on vulnerable installations of Juuko equipment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of communication between the transmitter and receiver. By using a fixed control code that is used to encode data sent over RF, an attacker can forge unauthorized commands to the receiver. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device.
Related
prion
prion
Command injection
2020-11-02 21:15:00
cvelist
cvelist
CVE-2018-19025
2020-11-02 16:48:15
cve
cve
CVE-2018-19025
2020-11-02 21:15:13
nvd
nvd
CVE-2018-19025
2020-11-02 21:15:13
ics
ics
SHUN HU Technology JUUKO Industrial Radio Remote Control
2020-10-27 12:00:00