CVE-2020-9436
Published 2020-03-12
High 8.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phoenixcontact | tc_cloud_client_1002-4g_firmware | <= 2.03.17 | — |
| phoenixcontact | tc_cloud_client_1002-txtx_firmware | <= 1.03.17 | — |
| phoenixcontact | tc_router_2002t-3g_firmware | <= 2.05.3 | — |
| phoenixcontact | tc_router_3002t-4g_att_firmware | <= 2.05.3 | — |
| phoenixcontact | tc_router_3002t-4g_firmware | <= 2.05.3 | — |
| phoenixcontact | tc_router_3002t-4g_vzw_firmware | <= 2.05.3 | — |