SHUN HU Technology JUUKO Industrial Radio Remote Control (ICSA-20-301-01)

CISA has published an advisory on authentication bypass by capture-replay and command injection vulnerabilities in SHUN HU Technology JUUKO Industrial Radio Remote Control. JUUKO K-800 and K-808, with firmware versions prior to numbers ending …9A, …9B, …9C, etc., are affected. Successful exploitation of these vulnerabilities could allow attackers to replay commands, control the device, view commands, and/or stop the device from running. SHUN HU Technology has released new firmware that mitigates these vulnerabilities and recommends users contact a sales representative or technical support for assistance on updating firmware. CISA also provides a series of measures to help mitigate the vulnerabilities. Read the advisory at CISA.