Hardcoded credentials

2020-02-1303:15:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.4%

JSON

TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a “hardcoded cookie.”

CPENameOperatorVersion
sc7105_firmwareeq1.0.007
sc9205_firmwareeq1.0.007
sc9705_firmwareeq1.0.007
sr7110_firmwareeq1.0.007
sr9210_firmwareeq1.0.007
sr9750_firmwareeq1.0.007
sr9850_firmwareeq1.0.007
t100_firmwareeq1.0.003
t300_firmwareeq1.0.003
t550_firmwareeq1.0.003

Name	Operator	Version
sc7105_firmware	eq	1.0.007
sc9205_firmware	eq	1.0.007
sc9705_firmware	eq	1.0.007
sr7110_firmware	eq	1.0.007
sr9210_firmware	eq	1.0.007
sr9750_firmware	eq	1.0.007
sr9850_firmware	eq	1.0.007
t100_firmware	eq	1.0.003
t300_firmware	eq	1.0.003
t550_firmware	eq	1.0.003

References

sku11army.blogspot.com/2020/02/timetools-sr-sc-series-network-time.html