CVE-2019-12182

Sažetak

Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API.

Reference

https://github.com/ProCheckUp/SafeScan
https://procheckup.com/blogs/posts/2020/february/remote-code-execution-on-biometric-iot-devices/
https://safescan.com/
https://support.timemoto.com/en/s/safescan-time-clock-systems/a/firmware-update-7-dot-03-dot-100-ta8000-14

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

20-03-2020 - 15:00

Objavljeno

13-03-2020 - 17:15