Nautel VX Series transmitters VX SW v6.4.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. This vulnerability allows attackers to execute arbitrary code via supplying a crafted update package to the /#/software/upgrades endpoint.
The vulnerability concerns the firmware update mechanism and is classified as CWE-494 (Download of Code Without Integrity Check). An attacker can upload a malicious update package to the /#/software/upgrades endpoint without needing any privileges. The device does not sufficiently verify the integrity or authenticity of the provided package, resulting in the execution of malicious code contained within it at the system level.
An attacker gains the ability to execute arbitrary code on the device, which can lead to complete takeover of the transmitter, violation of data confidentiality and integrity, and disruption or complete shutdown of its operation.
Apply patches available from the manufacturer according to the references. Until the update is applied, it is recommended to restrict network access to the device management interface (web panel) exclusively to trusted hosts and to implement network segmentation or a firewall blocking unauthorized access to the /#/software/upgrades endpoint.
Nautel VX Series transmitters with VX SW software version 6.4.0 and earlier
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H