The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.
[
{
"defaultStatus": "unaffected",
"product": "TBox RM2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox TG2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox LT2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox MS-CPU32-S2",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TBox MS-CPU32",
"vendor": "Ovarro",
"versions": [
{
"lessThanOrEqual": "1.50.598",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]