N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution.
Credits
An anonymous individual working with Trend Micro’s Zero Day Initiative reported this vulnerability to CISA.
