Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-9436

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL.

Published

2020-03-12T14:15:21.783

Last Modified

2024-11-21T05:40:38.350

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-78
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System phoenixcontact tc_router_3002t-4g_firmware ≤ 2.05.3 Yes
Hardware phoenixcontact tc_router_3002t-4g - No
Operating System phoenixcontact tc_router_2002t-3g_firmware ≤ 2.05.3 Yes
Hardware phoenixcontact tc_router_2002t-3g - No
Operating System phoenixcontact tc_router_3002t-4g_vzw_firmware ≤ 2.05.3 Yes
Hardware phoenixcontact tc_router_3002t-4g_vzw - No
Operating System phoenixcontact tc_router_3002t-4g_att_firmware ≤ 2.05.3 Yes
Hardware phoenixcontact tc_router_3002t-4g_att - No
Operating System phoenixcontact tc_cloud_client_1002-4g_firmware ≤ 2.03.17 Yes
Hardware phoenixcontact tc_cloud_client_1002-4g - No
Operating System phoenixcontact tc_cloud_client_1002-txtx_firmware ≤ 1.03.17 Yes
Hardware phoenixcontact tc_cloud_client_1002-txtx - No
References