EndRun Technologies Sonoma D12 Network Time Server Directory Traversal Vulnerability

Vulnerability

A directory traversal vulnerability has been identified in the EndRun Technologies Sonoma D12 Network Time Server (GPS) firmware version 6010-0076-000 Ver 4.00. This vulnerability allows attackers to access sensitive information by exploiting improper input validation that permits file path manipulation.

Impact

Exploitation of this vulnerability could lead to arbitrary file access and unauthorized information disclosure.

Remediation

The vendor has confirmed that web management access can be temporarily disabled as an effective mitigation until an official patch is available. This can be done by removing the execute permission from the httpd management script, copying the original script to a backup location, and rebooting the system. However, this step should be validated in a controlled environment and coordinated with operational teams to assess the impact before it is applied in production.
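One way to script the mitigation above so that it is verifiable and reversible, as an added example (not the vendor's procedure or code). The script path and backup directory are arguments because the page does not name them; the function names are hypothetical, the backup is taken before the permission change so the saved copy keeps its original mode, and the reboot is left to the operator.

```shell
#!/bin/sh
# Added example. SCRIPT and BACKUP_DIR are operator-supplied placeholders,
# not EndRun's real file locations.

# has_exec FILE: succeeds if any execute bit (user, group or other) is set.
has_exec() {
    case "$(ls -ld "$1" | cut -c2-10)" in
        *[xst]*) return 0 ;;
        *) return 1 ;;
    esac
}

# disable_mgmt SCRIPT BACKUP_DIR: save SCRIPT with its original mode,
# remove execute permission, then verify both results.
disable_mgmt() {
    script=$1
    backup_dir=$2
    [ -f "$script" ] || { echo "not a regular file: $script" >&2; return 1; }
    mkdir -p "$backup_dir" || return 1
    backup="$backup_dir/$(basename "$script").orig"
    # Keep an existing backup: a second run must not overwrite the
    # original copy with the already-disabled one.
    if [ ! -e "$backup" ]; then
        cp -p "$script" "$backup" || return 1
    fi
    chmod a-x "$script" || return 1
    if has_exec "$script"; then
        echo "execute bit still set on $script" >&2
        return 1
    fi
    cmp -s "$script" "$backup" || { echo "backup differs from $script" >&2; return 1; }
    echo "disabled $script; original saved as $backup; reboot to apply"
}

# restore_mgmt SCRIPT BACKUP_DIR: put the saved copy and its mode back.
restore_mgmt() {
    backup="$2/$(basename "$1").orig"
    [ -f "$backup" ] || { echo "no backup found: $backup" >&2; return 1; }
    cp -p "$backup" "$1"
}
```

Run `disable_mgmt` against a copy of the script in a test environment first, and keep `restore_mgmt` available for rollback once the official patch is installed.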

Added: Oct 6, 2025, 5:21 PM
Updated: Oct 6, 2025, 8:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.