Vulnerabilities > Phoenixcontact > TC Cloud Client 1002 Txtx Firmware > 1.03.17

DATE CVE VULNERABILITY TITLE RISK
2020-03-12 CVE-2020-9436 OS Command Injection vulnerability in Phoenixcontact products
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL.
network
low complexity
phoenixcontact CWE-78
critical
 9.0
9.0
2020-03-12 CVE-2020-9435 Use of Hard-coded Credentials vulnerability in Phoenixcontact products
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device.
network
low complexity
phoenixcontact CWE-798
5.0
5.0