CVSS: 10.0EPSS: 2%CPEs: 20EXPL: 1CVE-2020-8963
https://notcve.org/view.php?id=CVE-2020-8963
13 Feb 2020 — TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter. Los dispositivos TimeTools SC7105 versiones 1.0.007, SC9205 versiones 1.0.007, SC9705 versiones 1.0.007, SR7110 versiones 1.0.007, SR9210 versiones 1.0.007, SR9750 versiones 1.0.007, SR9850 versiones 1.0.007, T100... • https://sku11army.blogspot.com/2020/02/timetools-sr-sc-series-network-time.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 6%CPEs: 20EXPL: 1CVE-2020-8964
https://notcve.org/view.php?id=CVE-2020-8964
13 Feb 2020 — TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcoded cookie." Los dispositivos TimeTools SC7105 versiones 1.0.007, SC9205 versiones 1.0.007, SC9705 versiones 1.0.007, SR7110 versiones 1.0.007, SR9210 versiones 1.0.007, SR9750 versiones 1.0.007, SR9850 versiones 1.0.... • https://sku11army.blogspot.com/2020/02/timetools-sr-sc-series-network-time.html • CWE-798: Use of Hard-coded Credentials •