Friday, January 24, 2020

[Post Oak Traffic Systems] - AWAM Bluetooth Field Device -RCE - (CVE-2020-9021)

"AWAM Bluetooth Field Device " devices, as the company behind them "" says, are devices for monitoring traffic, by capturing the MAC addresses of the Bluetooth devices that you could commonly have in your car, such as cell phone, headphones or the car's own bluetooth. This simply seemed very interesting, so I decided to test the safety of these devices.

As I recently got an injection of code in a device with similar characteristics I decided to try the same route

So, in the "Time Settings" function it is possible to inject commands, just by casting ";" after the hostname of the NTP server to which you want to synchronize. So using "Curl" I assemble the following command to achieve a reverse shell


Affected versions:

Firmware Version 7400v2.08.21.2018
Firmware Version 7800SD.2015.1.16
Firmware Version 2011.3
Firmware Version 7400v2.02.01.2019
Firmware Version 7800SD.2012.12.5

By: @linuxmonr4



2 comentarios:

  1. Thank you for writing this tremendous top quality article. The information in this material confirms my point of view and you really laid it out well. I could never have written an article this good. macbook psd

  2. Bless you for this particular info I had been exploring all Bing to uncover it! iphone sketch