CVE-2020-23162

Опубликовано: 26 янв. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials.

Ссылки

https://github.com/Outpost24/Pyrescom-Termod-PoC
Exploit
Third Party Advisory
https://outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-Termod4-smart-device
Exploit
Third Party Advisory
https://pyres.com/en/solutions/termod-4/
Product
Vendor Advisory
https://github.com/Outpost24/Pyrescom-Termod-PoC
Exploit
Third Party Advisory
https://outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-Termod4-smart-device
Exploit
Third Party Advisory
https://pyres.com/en/solutions/termod-4/
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:pyres:termod4_firmware:*:*:*:*:*:*:*:*

Версия до 10.04k (исключая)

cpe:2.3:h:pyres:termod4:-:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.0061

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-327

Связанные уязвимости

GHSA-p48g-p6gh-8qfq

github

больше 3 лет назад