Vulnerability Details CVE-2019-12183
Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/ProCheckUp/SafeScan
- https://procheckup.com/blogs/posts/2020/february/remote-code-execution-on-biometric-iot-devices/
- https://support.timemoto.com/en/s/safescan-time-clock-systems/a/firmware-update-7-dot-03-dot-100-ta8000-14
- https://github.com/ProCheckUp/SafeScan
- https://procheckup.com/blogs/posts/2020/february/remote-code-execution-on-biometric-iot-devices/
- https://support.timemoto.com/en/s/safescan-time-clock-systems/a/firmware-update-7-dot-03-dot-100-ta8000-14
Products affected by CVE-2019-12183
-
cpe:2.3:h:safescan:ta-8010:-
-
cpe:2.3:h:safescan:ta-8015:-
-
cpe:2.3:h:safescan:ta-8020:-
-
cpe:2.3:h:safescan:ta-8025:-
-
cpe:2.3:h:safescan:ta-8030:-
-
cpe:2.3:h:safescan:ta-8035:-
-
cpe:2.3:h:safescan:timemoto_tm-616:-
-
cpe:2.3:o:safescan:ta-8010_firmware:-
-
cpe:2.3:o:safescan:ta-8015_firmware:-
-
cpe:2.3:o:safescan:ta-8020_firmware:-
-
cpe:2.3:o:safescan:ta-8025_firmware:-
-
cpe:2.3:o:safescan:ta-8030_firmware:-
-
cpe:2.3:o:safescan:ta-8035_firmware:-
-
cpe:2.3:o:safescan:timemoto_tm-616_firmware:-