OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets remote attackers inject shell commands that the appliance executes, enabling arbitrary code execution, denial of service, privilege escalation, and disclosure of sensitive data. The NVD CVSS 3.1 base score is 8.2 (AV:N/AC:L/PR:N/UI:N) and a third-party technical advisory (xdiv-sec) has been published, but there is no public exploit identified at time of analysis and the flaw is not on CISA KEV. EPSS is modest at 1.20% (64th percentile), indicating no observed mass exploitation to date.
OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) lets remote attackers inject operating-system commands into the appliance, enabling arbitrary code execution, privilege escalation, disclosure of sensitive data, and disruption of the device's timing service. A third-party advisory (xdiv-sec) documents the issue, but no public exploit was identified at time of analysis and it is not listed in CISA KEV; EPSS is modest at 1.20% (64th percentile). Because this device supplies authoritative time to dependent infrastructure, compromise can cascade beyond the appliance itself.
OS command injection in EndRun Technologies' Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, version 4.00) lets remote attackers inject operating-system commands through the appliance's management interface, exposing sensitive information and, per the CVSS integrity rating, allowing manipulation of the device. The vendor-supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, score 8.2) indicates network-reachable, low-complexity exploitation, and an independent security-research advisory (xdiv-sec) documents the flaw. No public exploit identified at time of analysis and it is not listed in CISA KEV; EPSS is 1.00% (59th percentile), signaling low measured exploitation activity so far.
OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets remote attackers inject operating-system commands and extract sensitive information from the appliance. The flaw is reachable over the network without authentication per the published CVSS vector, and a third-party security advisory (xdiv-sec) documents the issue. No public exploit identified at time of analysis, and EPSS probability is low (1.00%, 59th percentile).
Cross-site request forgery in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets a remote attacker forge state-changing web requests that a logged-in operator's browser executes, chaining into arbitrary code execution, denial of service, privilege escalation, and disclosure of sensitive data on the appliance. Any organization relying on this GPS-disciplined NTP appliance for time synchronization is affected. No public exploit identified at time of analysis, though an independent research advisory (xdiv-sec) documenting the flaw has been published.
Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000, version 4.00) lets an attacker inject script into the appliance's web management interface, executing in the browser of an authenticated operator who views the malicious content and enabling theft of session data and sensitive configuration information. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R) indicates a remote, low-complexity attack that requires low-privilege access to inject and victim interaction to trigger. No public exploit identified at time of analysis, though a third-party research advisory (xdiv-sec) documents the finding; EPSS is low at 0.28% (20th percentile).
Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets an attacker inject script into the device's web management interface to steal sensitive information such as session data or configuration from an authenticated operator. Exploitation requires a low-privileged authenticated context and victim interaction (a user must load the malicious content), and there is no public exploit identified at time of analysis, though a third-party advisory (xdiv-sec) documenting the flaw is publicly available. EPSS is low at 0.28% (20th percentile), and the issue is not listed in CISA KEV.