Vulnerabilities > Phoenixcontact > TC Router 3002T 4G ATT Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-08 CVE-2023-3526 Cross-site Scripting vulnerability in Phoenixcontact products
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.
network
low complexity
phoenixcontact CWE-79
critical
9.6
2020-03-12 CVE-2020-9436 OS Command Injection vulnerability in Phoenixcontact products
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL.
network
low complexity
phoenixcontact CWE-78
critical
9.0