10
CVE-2020-8964
- EPSS 2.93%
- Veröffentlicht 13.02.2020 03:15:10
- Zuletzt bearbeitet 21.11.2024 05:39:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginTimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcoded cookie."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Timetoolsltd ≫ Sr9850 Firmware Version1.0.007
Timetoolsltd ≫ Sr9750 Firmware Version1.0.007
Timetoolsltd ≫ Sc9705 Firmware Version1.0.007
Timetoolsltd ≫ Sr9210 Firmware Version1.0.007
Timetoolsltd ≫ Sc9205 Firmware Version1.0.007
Timetoolsltd ≫ Sr7110 Firmware Version1.0.007
Timetoolsltd ≫ Sc7105 Firmware Version1.0.007
Timetoolsltd ≫ T100 Firmware Version1.0.003
Timetoolsltd ≫ T300 Firmware Version1.0.003
Timetoolsltd ≫ T550 Firmware Version1.0.003
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.93% | 0.859 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.