Jonas Mattsson - Security Researcher - Exploit Intelligence Platform

CVE-2020-23160 NOMISEC HIGH WORKING POC

Pyrescom Termod4 <10.04k - RCE

Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices.

CVSS 8.8

View Code

CVE-2020-23161 WRITEUP MEDIUM WORKING POC

Pyrescom Termod4 <10.04k - Path Traversal

Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.

CVSS 6.5

View Code

CVE-2020-23162 WRITEUP HIGH WORKING POC

Pyrescom Termod4 <10.04k - Info Disclosure

Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials.

CVSS 7.5

View Code