Most importantly, this security flaw allows an authorized attacker to inject instructions that will be used when the device checks for updates.
Some of the vulnerabilities identified (CVE-2021-23147) may allow an attacker with physical access to the device to connect to the UART port over a serial connection and run commands as root without authentication.
Read More: Securityweek