Required CVE Record Information
Description
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL.
References 4 Total
- https://cert.vde.com/en-us/advisories/
- https://cert.vde.com/en-us/advisories/vde-2020-003
- seclists.org: 20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client mailing-list
- http://packetstormsecurity.com/files/156729/Phoenix-Contact-TC-Router-TC-Cloud-Client-Command-Injection.html
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- https://cert.vde.com/en-us/advisories/ x_transferred
- https://cert.vde.com/en-us/advisories/vde-2020-003 x_transferred
- seclists.org: 20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client mailing-listx_transferred
- http://packetstormsecurity.com/files/156729/Phoenix-Contact-TC-Router-TC-Cloud-Client-Command-Injection.html x_transferred