10
CVE-2020-8963
- EPSS 3.25%
- Veröffentlicht 13.02.2020 03:15:10
- Zuletzt bearbeitet 21.11.2024 05:39:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginTimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Timetoolsltd ≫ Sr9850 Firmware Version1.0.007
Timetoolsltd ≫ Sr9750 Firmware Version1.0.007
Timetoolsltd ≫ Sc9705 Firmware Version1.0.007
Timetoolsltd ≫ Sr9210 Firmware Version1.0.007
Timetoolsltd ≫ Sc9205 Firmware Version1.0.007
Timetoolsltd ≫ Sr7110 Firmware Version1.0.007
Timetoolsltd ≫ Sc7105 Firmware Version1.0.007
Timetoolsltd ≫ T100 Firmware Version1.0.003
Timetoolsltd ≫ T300 Firmware Version1.0.003
Timetoolsltd ≫ T550 Firmware Version1.0.003
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.25% | 0.867 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.