CVE-2020-8964

Published: Feb 13, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcoded cookie."

Affected (10)

Products: Timetoolsltd: Sr9850 Firmware, Sr9750 Firmware, Sc9705 Firmware, Sr9210 Firmware, Sc9205 Firmware, Sr7110 Firmware, Sc7105 Firmware, T100 Firmware, T300 Firmware, T550 Firmware

10 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd Sr9850 Firmware	Version 1.0.007

Running on/with	Platform Versions
Timetoolsltd Sr9850	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd Sr9750 Firmware	Version 1.0.007

Running on/with	Platform Versions
Timetoolsltd Sr9750	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd Sc9705 Firmware	Version 1.0.007

Running on/with	Platform Versions
Timetoolsltd Sc9705	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd Sr9210 Firmware	Version 1.0.007

Running on/with	Platform Versions
Timetoolsltd Sr9210	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd Sc9205 Firmware	Version 1.0.007

Running on/with	Platform Versions
Timetoolsltd Sc9205	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd Sr7110 Firmware	Version 1.0.007

Running on/with	Platform Versions
Timetoolsltd Sr7110	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd Sc7105 Firmware	Version 1.0.007

Running on/with	Platform Versions
Timetoolsltd Sc7105	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd T100 Firmware	Version 1.0.003

Running on/with	Platform Versions
Timetoolsltd T100	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd T300 Firmware	Version 1.0.003

Running on/with	Platform Versions
Timetoolsltd T300	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Timetoolsltd T550 Firmware	Version 1.0.003

Running on/with	Platform Versions
Timetoolsltd T550	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://sku11army.blogspot.com/2020/02/timetools-sr-sc-series-network-time.html

Source: cve@mitre.org

ExploitVendor Advisory

https://sku11army.blogspot.com/2020/02/timetools-sr-sc-series-network-time.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.