CVE-2022-40187 Information

Description

Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property.

Reference

https://www.foresightsports.com/gc3
https://www.bushnellgolf.com/products/launch-monitors/launch-pro/
https://wiki.eclipse.org/TCF
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0003.md
