Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
2022-12-26T05:15:11.077
2025-04-12T00:15:16.000
Modified
CVSSv3.1: 9.1 (CRITICAL)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | ge | inet_900_firmware | < 8.3.0 | Yes |
| Hardware | ge | inet_900 | - | No |
| Operating System | ge | inet_ii_900_firmware | < 8.3.0 | Yes |
| Hardware | ge | inet_ii_900 | - | No |
| Operating System | ge | sd1_firmware | ≤ 6.4.7 | Yes |
| Hardware | ge | sd1 | - | No |
| Operating System | ge | sd2_firmware | < 6.4.7 | Yes |
| Hardware | ge | sd2 | - | No |
| Operating System | ge | sd4_firmware | < 6.4.7 | Yes |
| Hardware | ge | sd4 | - | No |
| Operating System | ge | sd9_firmware | < 6.4.7 | Yes |
| Hardware | ge | sd9 | - | No |
| Operating System | ge | td220max_firmware | < 1.2.6 | Yes |
| Hardware | ge | td220max | - | No |
| Operating System | ge | td220x_firmware | < 2.0.16 | Yes |
| Hardware | ge | td220x | - | No |