CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-23161

Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.2%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

https://github.com/Outpost24/Pyrescom-Termod-PoC
https://outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-Termod4-smart-device
https://pyres.com/en/solutions/termod-4/
https://github.com/Outpost24/Pyrescom-Termod-PoC
https://outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-Termod4-smart-device
https://pyres.com/en/solutions/termod-4/

Products affected by CVE-2020-23161

Pyres » Termod4 » Version: N/A

cpe:2.3:h:pyres:termod4:-
Pyres » Termod4 Firmware » Version: N/A

cpe:2.3:o:pyres:termod4_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-23161

Products

Pricing

Contact Us