CVE-2020-9435

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

7.5HIGH

EPSS

0.4%

top 40.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenixcontact TC Cloud Client 1002-4g Firmware Phoenixcontact TC Cloud Client 1002-txtx Firmware Phoenixcontact TC Router 2002t-3g Firmware +3 more

Timeline

PublishedMar 12

Latest updateMay 24

Description

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. Impersonation, man-in-the-middle, or passive decryption attacks are possible if the generic certificate is not replaced by a device-speci…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶NVDphoenixcontact/tc_router_3002t-4g_firmware2.05.3

▶NVDphoenixcontact/tc_router_3002t-4g_att_firmware2.05.3

▶NVDphoenixcontact/tc_router_3002t-4g_vzw_firmware2.05.3

▶NVDphoenixcontact/tc_cloud_client_1002-txtx_firmware1.03.17

▶NVDphoenixcontact/tc_cloud_client_1002-4g_firmware2.03.17

🔴Vulnerability Details

GHSA

GHSA-7r3j-fq4p-vrxx: PHOENIX CONTACT TC ROUTER 3002T-4G through 2↗2022-05-24

▶

CVEList

CVE-2020-9435: PHOENIX CONTACT TC ROUTER 3002T-4G through 2↗2020-03-12

▶