Primary

Context

EndRun Technologies Sonoma D12 Network Time Server OS Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the EndRun Technologies Sonoma D12 Network Time Server (GPS) firmware version 6010-0071-000 v4.00. This vulnerability allows remote attackers to execute arbitrary code, escalate privileges, cause a denial-of-service condition, and access sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized remote code execution, privilege escalation, and full system compromise.

Remediation

The vendor has provided interim mitigation steps to disable web-management access. These steps involve changing the permissions of the httpd management script, copying it to a backup location, and rebooting the system. This mitigation should be validated in a controlled environment before applying it in production.

Added: Oct 6, 2025, 5:26 PM

Updated: Oct 6, 2025, 8:29 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

EndRun Technologies Sonoma D12 Network Time Server OS Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating