EndRun Technologies Sonoma D12 Network Time Server OS Command Injection Vulnerability

Vulnerability

A command injection vulnerability allowing remote code execution has been identified in the EndRun Technologies Sonoma D12 Network Time Server (GPS) firmware version 6010-0071-000 v4.00. This vulnerability could enable attackers to execute arbitrary commands on the server, potentially leading to unauthorized access or manipulation of the system.

Impact

Exploitation of this vulnerability allows for unauthorized remote code execution, privilege escalation, and full system compromise.

Remediation

The vendor has provided interim mitigation steps to disable web management access until an official patch is available. These steps involve changing the permissions of the httpd management script and rebooting the server. However, the mitigation should be validated in a controlled environment before it is applied in production.

Added: Oct 6, 2025, 5:24 PM
Updated: Oct 6, 2025, 8:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.8
remediation: 0.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.