CVE-2020-8963
CRITICALTimeTools SC7105-SR9850 T100-T550 OS Command Injection via t3.cgi
Title source: llmDescription
TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://sku11army.blogspot.com/2020/02/timetools-sr-sc-series-network-time.html
Scores
CVSS v3
9.8
EPSS
0.0268
EPSS Percentile
83.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (10)
timetoolsltd/sc7105_firmware
1.0.007
timetoolsltd/sc9205_firmware
1.0.007
timetoolsltd/sc9705_firmware
1.0.007
timetoolsltd/sr7110_firmware
1.0.007
timetoolsltd/sr9210_firmware
1.0.007
timetoolsltd/sr9750_firmware
1.0.007
timetoolsltd/sr9850_firmware
1.0.007
timetoolsltd/t100_firmware
1.0.003
timetoolsltd/t300_firmware
1.0.003
timetoolsltd/t550_firmware
1.0.003
Published
Feb 13, 2020
Tracked Since
Feb 18, 2026