MOBATime is aware of newly published vulnerabilities of the ntp-4.2.8p15 library. The library is used in the MOBATime DTS devices as indicated in the manuals.
The four Vulnerabilities CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554 are related to the ntpq service. ntpq is used to get the status information about the ntpd service. In our devices, this service can be limited to local access or disabled completely. Our security recommendation is to disable the NTP queries (As already described in our Security guideline). If the NTP queries are disabled the devices are not affected by the vulnerabilities.
The last vulnerability CVE-2023-26555 concerns a driver used for serial clock references, which we do not use in any of the MOBATime timeservers or master clocks products.
Our NTP clocks (analogue and digital) are not affected by any of these vulnerabilities, as the affected NTP library is not used.
More information and a discussion of the vulnerabilities are available at the following links:
https://github.com/spwpun/ntp-4.2.8p15-cves
https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1
If you have any questions, please feel free to contact us.
0120 6909582
Office No TS 1503-1505, 14th Floor, Galaxy Blue Sapphire, Plot No C-03, Sector -4, Greater Noida (West), Uttar Pradesh - 201309
info@mobatime.in
14th, April, 2023 
14th, April, 2023 
Office No TS 1503-1505, 14th Floor, Galaxy Blue Sapphire, Plot No C-03, Sector -4, Greater Noida (West), Uttar Pradesh - 201309
