← Back

Tc Router 3002t 4g Vzw Firmware

tc_router_3002t-4g_vzw_firmware

Vendor: Phoenixcontact • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-3569
1Phoenixcontact
7Cloud Client 1101t Tx Firmware
Tc Cloud Client 1002 4g Att FirmwareTc Cloud Client 1002 4g Firmware+4 more
Nov 21, 2024
Aug 8, 2023
N/A· v4
4.9 MEDIUM· v3
N/A· v2
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file w...Show more
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.Show less
CVE-2023-3526
1Phoenixcontact
7Cloud Client 1101t Tx Firmware
Tc Cloud Client 1002 4g Att FirmwareTc Cloud Client 1002 4g Firmware+4 more
Nov 21, 2024
Aug 8, 2023
N/A· v4
9.6 CRITICAL· v3
N/A· v2
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer p...Show more
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.Show less
CVE-2020-9436
1Phoenixcontact
6Tc Cloud Client 1002 4g Firmware
Tc Cloud Client 1002 Txtx FirmwareTc Router 2002t 3g Firmware+3 more
Nov 21, 2024
Mar 12, 2020
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CL...Show more
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL.Show less
CVE-2020-9435
1Phoenixcontact
6Tc Cloud Client 1002 4g Firmware
Tc Cloud Client 1002 Txtx FirmwareTc Router 2002t 3g Firmware+3 more
Nov 21, 2024
Mar 12, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CL...Show more
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. Impersonation, man-in-the-middle, or passive decryption attacks are possible if the generic certificate is not replaced by a device-specific certificate during installation.Show less