CVE-2020-8963

Published: Feb 13, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter.

Affected (10)

Products: Timetoolsltd: Sr9850 Firmware, Sr9750 Firmware, Sc9705 Firmware, Sr9210 Firmware, Sc9205 Firmware, Sr7110 Firmware, Sc7105 Firmware, T100 Firmware, T300 Firmware, T550 Firmware

10 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd Sr9850 Firmware	Version 1.0.007

Running on/with	Platform Versions
Timetoolsltd Sr9850	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd Sr9750 Firmware	Version 1.0.007

Running on/with	Platform Versions
Timetoolsltd Sr9750	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd Sc9705 Firmware	Version 1.0.007

Running on/with	Platform Versions
Timetoolsltd Sc9705	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd Sr9210 Firmware	Version 1.0.007

Running on/with	Platform Versions
Timetoolsltd Sr9210	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd Sc9205 Firmware	Version 1.0.007

Running on/with	Platform Versions
Timetoolsltd Sc9205	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd Sr7110 Firmware	Version 1.0.007

Running on/with	Platform Versions
Timetoolsltd Sr7110	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd Sc7105 Firmware	Version 1.0.007

Running on/with	Platform Versions
Timetoolsltd Sc7105	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd T100 Firmware	Version 1.0.003

Running on/with	Platform Versions
Timetoolsltd T100	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd T300 Firmware	Version 1.0.003

Running on/with	Platform Versions
Timetoolsltd T300	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd T550 Firmware	Version 1.0.003

Running on/with	Platform Versions
Timetoolsltd T550	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://sku11army.blogspot.com/2020/02/timetools-sr-sc-series-network-time.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://sku11army.blogspot.com/2020/02/timetools-sr-sc-series-network-time.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.