Outpost24/Pyrescom-Termod-PoC

Releases0

Pyrescom Termod proof-of-concept code for CVE-2020-23160, CVE-2020-23161 and CVE-2020-23162

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-23160 ↗	Jan 26, 2021Tuesday, 26 January 2021, 18:15	8.8 HIGH	9 HIGH
Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices.
CVE-2020-23161 ↗	Jan 26, 2021Tuesday, 26 January 2021, 18:15	6.5 MEDIUM	4 MEDIUM
Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.
CVE-2020-23162 ↗	Jan 26, 2021Tuesday, 26 January 2021, 18:15	7.5 HIGH	5 MEDIUM
Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials.