Design/Logic Flaw

2020-02-1303:15:00

PRIOn knowledge base

www.prio-n.com

9.8 High

AI Score

Confidence

High

0.069 Low

EPSS

Percentile

93.9%

JSON

TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter.

CPENameOperatorVersion
sc7105_firmwareeq1.0.007
sc9205_firmwareeq1.0.007
sc9705_firmwareeq1.0.007
sr7110_firmwareeq1.0.007
sr9210_firmwareeq1.0.007
sr9750_firmwareeq1.0.007
sr9850_firmwareeq1.0.007
t100_firmwareeq1.0.003
t300_firmwareeq1.0.003
t550_firmwareeq1.0.003

Name	Operator	Version
sc7105_firmware	eq	1.0.007
sc9205_firmware	eq	1.0.007
sc9705_firmware	eq	1.0.007
sr7110_firmware	eq	1.0.007
sr9210_firmware	eq	1.0.007
sr9750_firmware	eq	1.0.007
sr9850_firmware	eq	1.0.007
t100_firmware	eq	1.0.003
t300_firmware	eq	1.0.003
t550_firmware	eq	1.0.003

References

sku11army.blogspot.com/2020/02/timetools-sr-sc-series-network-time.html