CVE-2019-12183

Опубликовано: 02 мар. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API.

Ссылки

https://github.com/ProCheckUp/SafeScan
Exploit
Third Party Advisory
https://procheckup.com/blogs/posts/2020/february/remote-code-execution-on-biometric-iot-devices/
Exploit
Third Party Advisory
https://support.timemoto.com/en/s/safescan-time-clock-systems/a/firmware-update-7-dot-03-dot-100-ta8000-14
https://github.com/ProCheckUp/SafeScan
Exploit
Third Party Advisory
https://procheckup.com/blogs/posts/2020/february/remote-code-execution-on-biometric-iot-devices/
Exploit
Third Party Advisory
https://support.timemoto.com/en/s/safescan-time-clock-systems/a/firmware-update-7-dot-03-dot-100-ta8000-14

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:safescan:timemoto_tm-616_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:safescan:timemoto_tm-616:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:safescan:ta-8035_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:safescan:ta-8035:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:safescan:ta-8010_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:safescan:ta-8010:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:safescan:ta-8015_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:safescan:ta-8015:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:safescan:ta-8020_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:safescan:ta-8020:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:safescan:ta-8025_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:safescan:ta-8025:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:safescan:ta-8030_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:safescan:ta-8030:-:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00644

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-g9vg-v2c4-24j4

github

больше 3 лет назад

Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API.

EPSS

Процентиль: 70%

0.00644

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-269