PT-2020-20400 · Timetools · Timetools Sr9210+9

Published 2020-02-13 · Updated 2020-02-25 · CVE-2020-8963

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

TimeTools SC7105 version 1.0.007
TimeTools SC9205 version 1.0.007
TimeTools SC9705 version 1.0.007
TimeTools SR7110 version 1.0.007
TimeTools SR9210 version 1.0.007
TimeTools SR9750 version 1.0.007
TimeTools SR9850 version 1.0.007
TimeTools T100 version 1.0.003
TimeTools T300 version 1.0.003
TimeTools T550 version 1.0.003

Description

The issue allows remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter. This enables attackers to potentially gain unauthorized access and control over the affected devices.

Recommendations

For TimeTools SC7105 version 1.0.007, consider disabling the t3.cgi script until a patch is available.
For TimeTools SC9205 version 1.0.007, restrict access to the srmodel and srtime parameters in the t3.cgi script.
For TimeTools SC9705 version 1.0.007, avoid using the srmodel and srtime parameters in the t3.cgi script until the issue is resolved.
For TimeTools SR7110 version 1.0.007, temporarily disable the t3.cgi script to prevent exploitation.
For TimeTools SR9210 version 1.0.007, restrict access to the t3.cgi script to minimize the risk of exploitation.
For TimeTools SR9750 version 1.0.007, consider disabling the srmodel and srtime parameters in the t3.cgi script.
For TimeTools SR9850 version 1.0.007, avoid using the t3.cgi script until a patch is available.
For TimeTools T100 version 1.0.003, restrict access to the t3.cgi script to prevent exploitation.
For TimeTools T300 version 1.0.003, consider disabling the srmodel and srtime parameters in the t3.cgi script.
For TimeTools T550 version 1.0.003, temporarily disable the t3.cgi script until the issue is resolved.
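
While access to t3.cgi is being restricted, web or reverse-proxy access logs can be reviewed for requests that carried shell metacharacters in srmodel or srtime. The following is an added example, not part of the original advisory or vendor code. It assumes requests are logged in common log format with the query string visible; the `/cgi-bin/` path, the metacharacter set and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters a POSIX shell treats specially (assumed set); none of them is
# expected in a model name or a time value.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r'\"]")
WATCHED = ("srmodel", "srtime")  # parameters named in the advisory
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return {param: decoded value} for watched t3.cgi parameters
    whose decoded value contains a shell metacharacter."""
    m = REQUEST.search(log_line)
    if not m:
        return {}
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/t3.cgi"):
        return {}
    # parse_qs percent-decodes values, so encoded metacharacters are caught too.
    query = parse_qs(url.query, keep_blank_values=True)
    hits = {}
    for name in WATCHED:
        for value in query.get(name, []):
            if SHELL_META.search(value):
                hits[name] = value
    return hits

def scan(lines):
    """Return a list of (client address, hits) for every flagged log line."""
    findings = []
    for line in lines:
        hits = suspicious_params(line)
        if hits:
            findings.append((line.split(" ", 1)[0], hits))
    return findings

# Constructed sample log lines (documentation address ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Feb/2020:10:00:01 +0000] "GET /cgi-bin/t3.cgi?srmodel=SR9210&srtime=1581588000 HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Feb/2020:10:00:05 +0000] "GET /cgi-bin/t3.cgi?srmodel=SR9210%3BPLACEHOLDER&srtime=1581588005 HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Feb/2020:10:00:09 +0000] "GET /cgi-bin/t3.cgi?srmodel=SR9210&srtime=%60PLACEHOLDER%60 HTTP/1.1" 200 512',
    '192.0.2.10 - - [13/Feb/2020:10:00:12 +0000] "GET /index.html?srmodel=a%3Bb HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG):
        print(client, hits)
```

Parameters sent in a POST body do not appear in access logs, so a clean result from this check does not rule out exploitation.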

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-8963

Affected Products

Timetools Sc7105
Timetools Sc9205
Timetools Sc9705
Timetools Sr7110
Timetools Sr9210
Timetools Sr9750
Timetools Sr9850
Timetools T100
Timetools T300
Timetools T550