Vulnerability Description
Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu by manipulating the file path in the URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pyres | Termod4 Firmware | < 10.04k |
| Pyres | Termod4 | - |
Related Weaknesses (CWE)
References
- https://github.com/Outpost24/Pyrescom-Termod-PoC (Exploit, Third Party Advisory)
- https://outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-Termo (Exploit, Third Party Advisory)
- https://pyres.com/en/solutions/termod-4/ (Product, Vendor Advisory)
FAQ
What is CVE-2020-23161?
CVE-2020-23161 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu an...
How severe is CVE-2020-23161?
CVE-2020-23161 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-23161?
Check the references section above for vendor advisories and patch information. Affected products include: Pyres Termod4 Firmware, Pyres Termod4.