
CVE-2020-9436

Published: 12/03/2020 Updated: 16/03/2020
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

PHOENIX CONTACT TC ROUTER 3002T-4G up to and including 2.05.3, TC ROUTER 2002T-3G up to and including 2.05.3, TC ROUTER 3002T-4G VZW up to and including 2.05.3, TC ROUTER 3002T-4G ATT up to and including 2.05.3, TC CLOUD CLIENT 1002-4G up to and including 2.03.17, and TC CLOUD CLIENT 1002-TXTX up to and including 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL.

Vulnerable Product

phoenixcontact tc_router_3002t-4g_firmware

phoenixcontact tc_router_2002t-3g_firmware

phoenixcontact tc_router_3002t-4g_vzw_firmware

phoenixcontact tc_router_3002t-4g_att_firmware

phoenixcontact tc_cloud_client_1002-4g_firmware

phoenixcontact tc_cloud_client_1002-txtx_firmware

Exploits

Phoenix Contact TC Router and TC Cloud Client versions 2.05.3 and below, 2.03.17 and below, and 1.03.17 and below suffer from authenticated command injection and various other vulnerabilities ...

Mailing Lists

Full Disclosure mailing list archives: SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client ...

Github Repositories

NVD Scraper: This is a web scraper built in Ruby that retrieves data from the National Vulnerability Database's RSS feed, which contains the most recent, and most recently modified, Common Vulnerabilities and Exposures (CVE) entries in the database. Overview: The National Vulnerability Database (NVD) is the US government repository of cybersecurity vulnerabilities and threa