CVE-2020-23161

2021-01-2213:11:37

mitre

www.cve.org

pyrescom termod4

file inclusion

remote attackers

sensitive files

directory traversal

url manipulation

AI Score

6.4

Confidence

High

EPSS

0.002

Percentile

53.7%

JSON

Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.

References

github.com/Outpost24/Pyrescom-Termod-PoC

outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-Termod4-smart-device

pyres.com/en/solutions/termod-4/