CVE-2020-9435
published 2020-03-12CVE-2020-9435: PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. Impersonation, man-in-the-middle, or passive decryption attacks are possible if the generic certificate is not replaced by a device-specific certificate during installation.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phoenixcontact | tc_cloud_client_1002-4g_firmware | <= 2.03.17 | — |
| phoenixcontact | tc_cloud_client_1002-txtx_firmware | <= 1.03.17 | — |
| phoenixcontact | tc_router_2002t-3g_firmware | <= 2.05.3 | — |
| phoenixcontact | tc_router_3002t-4g_att_firmware | <= 2.05.3 | — |
| phoenixcontact | tc_router_3002t-4g_firmware | <= 2.05.3 | — |
| phoenixcontact | tc_router_3002t-4g_vzw_firmware | <= 2.05.3 | — |