Skip to main content

Sonoma D12 Firmware

12 CVEs product

Monthly

CVE-2025-60969 MEDIUM This Month

Path traversal in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000 Ver 4.00) exposes sensitive files to authenticated network attackers. The flaw resides in the device's web interface, where insufficiently validated path input allows an attacker to escape the intended directory root and read arbitrary files from the underlying filesystem. No public exploit code or active exploitation has been confirmed at time of analysis, but a third-party security researcher advisory exists at xdiv-sec.github.io detailing the issue.

Path Traversal Sonoma D12 Firmware
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2025-60967 HIGH This Week

Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000, version 4.00) lets an attacker inject script into the appliance's web management interface, executing in the browser of an authenticated operator who views the malicious content and enabling theft of session data and sensitive configuration information. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R) indicates a remote, low-complexity attack that requires low-privilege access to inject and victim interaction to trigger. No public exploit identified at time of analysis, though a third-party research advisory (xdiv-sec) documents the finding; EPSS is low at 0.28% (20th percentile).

XSS Sonoma D12 Firmware
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-60965 CRITICAL Act Now

Authenticated OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) lets a privileged remote user inject arbitrary operating-system commands that run outside the vulnerable component, yielding full device takeover, denial of service, privilege escalation, and disclosure of sensitive timing/configuration data. Because Network Time Servers act as an authoritative time source for entire environments, compromise can cascade into time-manipulation attacks against downstream systems (logging, certificates, Kerberos). This is no public exploit identified at time of analysis, though a third-party advisory (xdiv-sec) documents the flaw; EPSS is modest at 1.63% (73rd percentile).

Command Injection Denial Of Service RCE Sonoma D12 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2025-60964 CRITICAL Act Now

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) lets an authenticated high-privileged operator inject shell commands into the appliance's underlying OS, escaping the management application to run arbitrary code as the device. Because the appliance is a hardened timing source, successful exploitation yields full compromise: code execution, denial of service, privilege escalation, and disclosure of sensitive data. No public exploit is identified at time of analysis, though a third-party research advisory (xdiv-sec) documents the finding; the EPSS score is moderate at 1.63% (73rd percentile) and the CVE is not on CISA KEV.

Command Injection Denial Of Service RCE Sonoma D12 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2025-60963 HIGH This Week

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets remote attackers inject shell commands that the appliance executes, enabling arbitrary code execution, denial of service, privilege escalation, and disclosure of sensitive data. The NVD CVSS 3.1 base score is 8.2 (AV:N/AC:L/PR:N/UI:N) and a third-party technical advisory (xdiv-sec) has been published, but there is no public exploit identified at time of analysis and the flaw is not on CISA KEV. EPSS is modest at 1.20% (64th percentile), indicating no observed mass exploitation to date.

Command Injection Denial Of Service RCE Sonoma D12 Firmware
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2025-60962 HIGH This Week

OS command injection in EndRun Technologies' Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, version 4.00) lets remote attackers inject operating-system commands through the appliance's management interface, exposing sensitive information and, per the CVSS integrity rating, allowing manipulation of the device. The vendor-supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, score 8.2) indicates network-reachable, low-complexity exploitation, and an independent security-research advisory (xdiv-sec) documents the flaw. No public exploit identified at time of analysis and it is not listed in CISA KEV; EPSS is 1.00% (59th percentile), signaling low measured exploitation activity so far.

Command Injection Sonoma D12 Firmware
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2025-60961 MEDIUM This Month

Cross-site scripting in EndRun Technologies Sonoma D12 GPS Network Time Server firmware 6010-0071-000 Ver 4.00 allows a remote unauthenticated attacker to inject and execute malicious scripts in the context of an authenticated user's browser session against the device's web management interface. Exploitation requires the attacker to trick an administrator into interacting with a crafted URL or page, after which the scope crosses into the victim's browser context, enabling session theft or credential harvesting. No public exploit confirmed at time of analysis, and EPSS of 0.22% (13th percentile) signals low automated exploitation activity.

XSS Sonoma D12 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-60960 HIGH This Week

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) lets remote attackers inject operating-system commands into the appliance, enabling arbitrary code execution, privilege escalation, disclosure of sensitive data, and disruption of the device's timing service. A third-party advisory (xdiv-sec) documents the issue, but no public exploit was identified at time of analysis and it is not listed in CISA KEV; EPSS is modest at 1.20% (64th percentile). Because this device supplies authoritative time to dependent infrastructure, compromise can cascade beyond the appliance itself.

Command Injection Denial Of Service RCE Sonoma D12 Firmware
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2025-60959 HIGH This Week

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets remote attackers inject operating-system commands and extract sensitive information from the appliance. The flaw is reachable over the network without authentication per the published CVSS vector, and a third-party security advisory (xdiv-sec) documents the issue. No public exploit identified at time of analysis, and EPSS probability is low (1.00%, 59th percentile).

Command Injection Sonoma D12 Firmware
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2025-60958 HIGH This Week

Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets an attacker inject script into the device's web management interface to steal sensitive information such as session data or configuration from an authenticated operator. Exploitation requires a low-privileged authenticated context and victim interaction (a user must load the malicious content), and there is no public exploit identified at time of analysis, though a third-party advisory (xdiv-sec) documenting the flaw is publicly available. EPSS is low at 0.28% (20th percentile), and the issue is not listed in CISA KEV.

XSS Sonoma D12 Firmware
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-60957 CRITICAL Act Now

Authenticated command injection in EndRun Technologies Sonoma D12 GPS Network Time Server firmware (build 6010-0071-000, Ver 4.00) lets a low-privileged user inject OS commands that run on the underlying appliance, yielding arbitrary code execution, privilege escalation, information disclosure, and denial of service. The CVSS 3.1 vector (AV:N/AC:L/PR:L/S:C) shows a network-reachable, low-complexity flaw whose scope change lets a foothold on the management interface compromise the whole device. A third-party advisory (xdiv-sec) documents the issue; there is no public exploit identified and no CISA KEV listing at time of analysis, and EPSS is a modest 1.58% (73rd percentile).

Command Injection Denial Of Service RCE Sonoma D12 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.6%
CVE-2025-60956 HIGH This Week

Cross-site request forgery in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets a remote attacker forge state-changing web requests that a logged-in operator's browser executes, chaining into arbitrary code execution, denial of service, privilege escalation, and disclosure of sensitive data on the appliance. Any organization relying on this GPS-disciplined NTP appliance for time synchronization is affected. No public exploit identified at time of analysis, though an independent research advisory (xdiv-sec) documenting the flaw has been published.

CSRF Denial Of Service RCE Sonoma D12 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.2%
EPSS 1% CVSS 5.7
MEDIUM This Month

Path traversal in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000 Ver 4.00) exposes sensitive files to authenticated network attackers. The flaw resides in the device's web interface, where insufficiently validated path input allows an attacker to escape the intended directory root and read arbitrary files from the underlying filesystem. No public exploit code or active exploitation has been confirmed at time of analysis, but a third-party security researcher advisory exists at xdiv-sec.github.io detailing the issue.

Path Traversal Sonoma D12 Firmware
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000, version 4.00) lets an attacker inject script into the appliance's web management interface, executing in the browser of an authenticated operator who views the malicious content and enabling theft of session data and sensitive configuration information. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R) indicates a remote, low-complexity attack that requires low-privilege access to inject and victim interaction to trigger. No public exploit identified at time of analysis, though a third-party research advisory (xdiv-sec) documents the finding; EPSS is low at 0.28% (20th percentile).

XSS Sonoma D12 Firmware
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

Authenticated OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) lets a privileged remote user inject arbitrary operating-system commands that run outside the vulnerable component, yielding full device takeover, denial of service, privilege escalation, and disclosure of sensitive timing/configuration data. Because Network Time Servers act as an authoritative time source for entire environments, compromise can cascade into time-manipulation attacks against downstream systems (logging, certificates, Kerberos). This is no public exploit identified at time of analysis, though a third-party advisory (xdiv-sec) documents the flaw; EPSS is modest at 1.63% (73rd percentile).

Command Injection Denial Of Service RCE +1
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) lets an authenticated high-privileged operator inject shell commands into the appliance's underlying OS, escaping the management application to run arbitrary code as the device. Because the appliance is a hardened timing source, successful exploitation yields full compromise: code execution, denial of service, privilege escalation, and disclosure of sensitive data. No public exploit is identified at time of analysis, though a third-party research advisory (xdiv-sec) documents the finding; the EPSS score is moderate at 1.63% (73rd percentile) and the CVE is not on CISA KEV.

Command Injection Denial Of Service RCE +1
NVD
EPSS 1% CVSS 8.2
HIGH This Week

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets remote attackers inject shell commands that the appliance executes, enabling arbitrary code execution, denial of service, privilege escalation, and disclosure of sensitive data. The NVD CVSS 3.1 base score is 8.2 (AV:N/AC:L/PR:N/UI:N) and a third-party technical advisory (xdiv-sec) has been published, but there is no public exploit identified at time of analysis and the flaw is not on CISA KEV. EPSS is modest at 1.20% (64th percentile), indicating no observed mass exploitation to date.

Command Injection Denial Of Service RCE +1
NVD
EPSS 1% CVSS 8.2
HIGH This Week

OS command injection in EndRun Technologies' Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, version 4.00) lets remote attackers inject operating-system commands through the appliance's management interface, exposing sensitive information and, per the CVSS integrity rating, allowing manipulation of the device. The vendor-supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, score 8.2) indicates network-reachable, low-complexity exploitation, and an independent security-research advisory (xdiv-sec) documents the flaw. No public exploit identified at time of analysis and it is not listed in CISA KEV; EPSS is 1.00% (59th percentile), signaling low measured exploitation activity so far.

Command Injection Sonoma D12 Firmware
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting in EndRun Technologies Sonoma D12 GPS Network Time Server firmware 6010-0071-000 Ver 4.00 allows a remote unauthenticated attacker to inject and execute malicious scripts in the context of an authenticated user's browser session against the device's web management interface. Exploitation requires the attacker to trick an administrator into interacting with a crafted URL or page, after which the scope crosses into the victim's browser context, enabling session theft or credential harvesting. No public exploit confirmed at time of analysis, and EPSS of 0.22% (13th percentile) signals low automated exploitation activity.

XSS Sonoma D12 Firmware
NVD
EPSS 1% CVSS 8.2
HIGH This Week

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) lets remote attackers inject operating-system commands into the appliance, enabling arbitrary code execution, privilege escalation, disclosure of sensitive data, and disruption of the device's timing service. A third-party advisory (xdiv-sec) documents the issue, but no public exploit was identified at time of analysis and it is not listed in CISA KEV; EPSS is modest at 1.20% (64th percentile). Because this device supplies authoritative time to dependent infrastructure, compromise can cascade beyond the appliance itself.

Command Injection Denial Of Service RCE +1
NVD
EPSS 1% CVSS 8.2
HIGH This Week

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets remote attackers inject operating-system commands and extract sensitive information from the appliance. The flaw is reachable over the network without authentication per the published CVSS vector, and a third-party security advisory (xdiv-sec) documents the issue. No public exploit identified at time of analysis, and EPSS probability is low (1.00%, 59th percentile).

Command Injection Sonoma D12 Firmware
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets an attacker inject script into the device's web management interface to steal sensitive information such as session data or configuration from an authenticated operator. Exploitation requires a low-privileged authenticated context and victim interaction (a user must load the malicious content), and there is no public exploit identified at time of analysis, though a third-party advisory (xdiv-sec) documenting the flaw is publicly available. EPSS is low at 0.28% (20th percentile), and the issue is not listed in CISA KEV.

XSS Sonoma D12 Firmware
NVD
EPSS 2% CVSS 9.9
CRITICAL Act Now

Authenticated command injection in EndRun Technologies Sonoma D12 GPS Network Time Server firmware (build 6010-0071-000, Ver 4.00) lets a low-privileged user inject OS commands that run on the underlying appliance, yielding arbitrary code execution, privilege escalation, information disclosure, and denial of service. The CVSS 3.1 vector (AV:N/AC:L/PR:L/S:C) shows a network-reachable, low-complexity flaw whose scope change lets a foothold on the management interface compromise the whole device. A third-party advisory (xdiv-sec) documents the issue; there is no public exploit identified and no CISA KEV listing at time of analysis, and EPSS is a modest 1.58% (73rd percentile).

Command Injection Denial Of Service RCE +1
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Cross-site request forgery in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets a remote attacker forge state-changing web requests that a logged-in operator's browser executes, chaining into arbitrary code execution, denial of service, privilege escalation, and disclosure of sensitive data on the appliance. Any organization relying on this GPS-disciplined NTP appliance for time synchronization is affected. No public exploit identified at time of analysis, though an independent research advisory (xdiv-sec) documenting the flaw has been published.

CSRF Denial Of Service RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy