CVE-2020-9030

MEDIUM

Microchip SyncServer S100 2.90.70.3 S200 1.30 S250 1.25 S300 2.65.0 S350 2.80.1 - Path Traversal via FileName Parameter

Title source: llm
STIX 2.1

Description

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html

Scores

CVSS v3 6.5
EPSS 0.0106
EPSS Percentile 60.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-22
Status published
Products (5)
microchip/syncserver_s100_firmware 2.90.70.3
microchip/syncserver_s200_firmware 1.30
microchip/syncserver_s250_firmware 1.25
microchip/syncserver_s300_firmware 2.65.0
microchip/syncserver_s350_firmware 2.80.1
Published Feb 17, 2020
Tracked Since Feb 18, 2026