Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property.
References
Link | Resource |
---|---|
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0003.md | Exploit Third Party Advisory |
https://wiki.eclipse.org/TCF | Third Party Advisory |
https://www.bushnellgolf.com/products/launch-monitors/launch-pro/ | Product |
https://www.foresightsports.com/gc3 | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-13T00:00:00
Updated: 2022-10-13T00:00:00
Reserved: 2022-09-08T00:00:00
Link: CVE-2022-40187
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-10-13T01:15:19.617
Modified: 2022-10-14T19:59:36.943
Link: CVE-2022-40187
JSON object: View
Redhat Information
No data.
CWE