1. Home
  2. CVE Database
  3. CVE-2020-8964
CRITICAL · 9.8

CVE-2020-8964

TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to...

Vulnerability Description

TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcoded cookie."

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
TimetoolsltdSr9850 Firmware1.0.007
TimetoolsltdSr9850-
TimetoolsltdSr9750 Firmware1.0.007
TimetoolsltdSr9750-
TimetoolsltdSc9705 Firmware1.0.007
TimetoolsltdSc9705-
TimetoolsltdSr9210 Firmware1.0.007
TimetoolsltdSr9210-
TimetoolsltdSc9205 Firmware1.0.007
TimetoolsltdSc9205-
TimetoolsltdSr7110 Firmware1.0.007
TimetoolsltdSr7110-
TimetoolsltdSc7105 Firmware1.0.007
TimetoolsltdSc7105-
TimetoolsltdT100 Firmware1.0.003
TimetoolsltdT100-
TimetoolsltdT300 Firmware1.0.003
TimetoolsltdT300-
TimetoolsltdT550 Firmware1.0.003
TimetoolsltdT550-

Related Weaknesses (CWE)

CWE-798

References

FAQ

What is CVE-2020-8964?

CVE-2020-8964 is a vulnerability with a CVSS score of 9.8 (CRITICAL). TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to...

How severe is CVE-2020-8964?

CVE-2020-8964 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-8964?

Check the references section above for vendor advisories and patch information. Affected products include: Timetoolsltd Sr9850 Firmware, Timetoolsltd Sr9850, Timetoolsltd Sr9750 Firmware, Timetoolsltd Sr9750, Timetoolsltd Sc9705 Firmware.