CVE-2020-9436: OS Command Injection
First published: Thu Mar 12 2020(Updated: )
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phoenix Contact TC Router 3002T-4G Firmware | <=2.05.3 | |
| Phoenix Contact TC Router 3002T-4G Firmware | ||
| Phoenixcontact TC Router 2002T-3G Firmware | <=2.05.3 | |
| Phoenixcontact Tc Router 2002t-3g Firmware | ||
| Phoenix Contact TC Router 3002T-4G Firmware | <=2.05.3 | |
| Phoenix Contact TC Router 3002T-4G Firmware | ||
| Phoenix Contact TC Router 3002T-4G Firmware | <=2.05.3 | |
| Phoenix Contact TC Router 3002T-4G Firmware | ||
| Phoenix Contact TC Cloud Client 1002-4G VZW | <=2.03.17 | |
| Phoenix Contact TC Cloud Client | ||
| Phoenixcontact TC Cloud Client 1002-txtx | <=1.03.17 | |
| Phoenixcontact TC Cloud Client 1002-txtx Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2020-9436.
What is the severity of CVE-2020-9436?
The severity of CVE-2020-9436 is critical with a CVSS score of 8.8.
Which devices are affected by CVE-2020-9436?
The affected devices include PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17.
How can the vulnerability be exploited?
Authenticated users can exploit the vulnerability to inject system commands.
Are there any fixes available for CVE-2020-9436?
It is recommended to apply the latest firmware updates provided by PHOENIX CONTACT to mitigate the vulnerability.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/phoenixcontact
- canonical/phoenix contact tc router 3002t-4g firmware
- version/phoenix contact tc router 3002t-4g firmware/2.05.3
- canonical/phoenixcontact tc router 2002t-3g firmware
- version/phoenixcontact tc router 2002t-3g firmware/2.05.3
- canonical/phoenix contact tc cloud client 1002-4g vzw
- version/phoenix contact tc cloud client 1002-4g vzw/2.03.17
- canonical/phoenix contact tc cloud client
- canonical/phoenixcontact tc cloud client 1002-txtx
- version/phoenixcontact tc cloud client 1002-txtx/1.03.17