Vulnerabilities > CVE-2020-23160 - Unspecified vulnerability in Pyres Termod4 Firmware

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

pyres

critical

NVD

Published: 2021-01-26

Updated: 2021-03-17

Summary

Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices.

Vulnerable Configurations

Part	Description	Count
OS	Pyres Pyres Termod4 Firmware *	1
Hardware	Pyres Pyres Termod4 -	1

References

https://github.com/Outpost24/Pyrescom-Termod-PoC
https://outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-Termod4-smart-device
https://pyres.com/en/solutions/termod-4/