CVE-2020-9436: OS Command Injection
First published: Thu Mar 12 2020(Updated: )
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phoenixcontact Tc Router 3002t-4g Firmware | <=2.05.3 | |
| Phoenixcontact Tc Router 3002t-4g | ||
| Phoenixcontact Tc Router 2002t-3g Firmware | <=2.05.3 | |
| Phoenixcontact Tc Router 2002t-3g | ||
| Phoenixcontact Tc Router 3002t-4g Vzw Firmware | <=2.05.3 | |
| Phoenixcontact Tc Router 3002t-4g Vzw | ||
| Phoenixcontact Tc Router 3002t-4g Att Firmware | <=2.05.3 | |
| Phoenixcontact Tc Router 3002t-4g Att | ||
| Phoenixcontact Tc Cloud Client 1002-4g Firmware | <=2.03.17 | |
| Phoenixcontact Tc Cloud Client 1002-4g | ||
| Phoenixcontact Tc Cloud Client 1002-txtx Firmware | <=1.03.17 | |
| Phoenixcontact Tc Cloud Client 1002-txtx |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2020-9436.
What is the severity of CVE-2020-9436?
The severity of CVE-2020-9436 is critical with a CVSS score of 8.8.
Which devices are affected by CVE-2020-9436?
The affected devices include PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17.
How can the vulnerability be exploited?
Authenticated users can exploit the vulnerability to inject system commands.
Are there any fixes available for CVE-2020-9436?
It is recommended to apply the latest firmware updates provided by PHOENIX CONTACT to mitigate the vulnerability.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- agent/description
- vendor/phoenixcontact
- canonical/phoenixcontact tc router 3002t-4g firmware
- version/phoenixcontact tc router 3002t-4g firmware/2.05.3
- canonical/phoenixcontact tc router 3002t-4g
- canonical/phoenixcontact tc router 2002t-3g firmware
- version/phoenixcontact tc router 2002t-3g firmware/2.05.3
- canonical/phoenixcontact tc router 2002t-3g
- canonical/phoenixcontact tc router 3002t-4g vzw firmware
- version/phoenixcontact tc router 3002t-4g vzw firmware/2.05.3
- canonical/phoenixcontact tc router 3002t-4g vzw
- canonical/phoenixcontact tc router 3002t-4g att firmware
- version/phoenixcontact tc router 3002t-4g att firmware/2.05.3
- canonical/phoenixcontact tc router 3002t-4g att
- canonical/phoenixcontact tc cloud client 1002-4g firmware
- version/phoenixcontact tc cloud client 1002-4g firmware/2.03.17
- canonical/phoenixcontact tc cloud client 1002-4g
- canonical/phoenixcontact tc cloud client 1002-txtx firmware
- version/phoenixcontact tc cloud client 1002-txtx firmware/1.03.17
- canonical/phoenixcontact tc cloud client 1002-txtx