Security Advisory

GE MDS Radio Network and Serial Vulnerabilities

Risk Information

Limited Threat

CVE ID

CVE-2017-17562

CVE-2022-24119

CVE-2022-24116

CVE-2022-24118

CVE-2022-24120

CVE-2022-24117

Vunerability Type

Unauthenticated Remote Code Execution

iNET and iNET-II Factory Backdoor Use

iNET and iNET-II Wi-Fi Security Weaknesses

Factory Reset Authentication System

iNET and iNET-II Plaintext storage of system credentials

Unprotected Firmware Update

CVSS3 Score

8.8

6.8

9.1

CVSSv3 Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

iNET/iNET II series radio firmware versions prior to rev. 8.3.0

SD series radio firmware versions prior to rev. 6.4.7

TD220X series radio firmware versions prior to rev. 2.0.16

TD220MAX series radio firmware versions prior to rev. 1.2.6

GE has planned release v8.3.0 to remediate these issues.

03/31/2022