Vulnerabilities > Timetoolsltd > Sr9210 Firmware > 1.0.007

DATE CVE VULNERABILITY TITLE RISK
2020-02-13 CVE-2020-8964 Use of Hard-coded Credentials vulnerability in Timetoolsltd products
TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcoded cookie."
network
low complexity
timetoolsltd CWE-798
critical
 10.0
10
2020-02-13 CVE-2020-8963 OS Command Injection vulnerability in Timetoolsltd products
TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter.
network
low complexity
timetoolsltd CWE-78
critical
 10.0
10