Pyres: >> Termod4 Security Vulnerabilities
Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices.
CVSS Score
8.8
EPSS Score
0.233
Published
2021-01-26
Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.
CVSS Score
6.5
EPSS Score
0.006
Published
2021-01-26
Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-01-26