
CVE-2020-23161

Published: 26/01/2021 Updated: 30/03/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Local file inclusion in Pyrescom Termod4 time management devices prior to 10.04k allows authenticated remote malicious users to traverse directories and read sensitive files by manipulating the file path in the URL of the Maintenance > Logs menu.

Vulnerable Product

pyres termod4_firmware

Github Repositories

Pyrescom Termod proof-of-concept code for CVE-2020-23160, CVE-2020-23161 and CVE-2020-23162

Pyrescom-Termod-PoC: This is the proof-of-concept exploit code for three vulnerabilities discovered by Jonas Mattsson and Hugo van den Toorn at Outpost24 Ghost Labs. These vulnerabilities were discovered in the web server component on a Pyrescom Termod4 time control machine. These vulnerabilities can be chained and allow a remote attacker to bypass authentication, read files from