Pyres Termod4 Firmware vulnerabilities
3 known vulnerabilities affecting pyres/termod4_firmware.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2020-23160P2HIGHCVSS 8.8fixed in 10.04k2021-01-26
CVE-2020-23160 [HIGH] CVE-2020-23160: Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated
Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices.
nvd
CVE-2020-23162P3HIGHCVSS 7.5fixed in 10.04k2021-01-26
CVE-2020-23162 [HIGH] CWE-327 CVE-2020-23162: Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices bef
Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials.
nvd
CVE-2020-23161P3MEDIUMCVSS 6.5fixed in 10.04k2021-01-26
CVE-2020-23161 [MEDIUM] CWE-22 CVE-2020-23161: Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated
Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.
nvd