The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ovarro tbox_ms-cpu32_firmware |
||
ovarro tbox_ms-cpu32-s2_firmware |
||
ovarro tbox_lt2_firmware |
||
ovarro tbox_tg2_firmware |
||
ovarro tbox_rm2_firmware |
Vulmon