PT-2020-20401 · Timetools · Timetools Sr9210+9

Published: 2020-02-13 · Updated: 2020-02-25 · CVE-2020-8964

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

TimeTools SC7105 version 1.0.007
TimeTools SC9205 version 1.0.007
TimeTools SC9705 version 1.0.007
TimeTools SR7110 version 1.0.007
TimeTools SR9210 version 1.0.007
TimeTools SR9750 version 1.0.007
TimeTools SR9850 version 1.0.007
TimeTools T100 version 1.0.003
TimeTools T300 version 1.0.003
TimeTools T550 version 1.0.003
Description

The issue allows remote attackers to bypass authentication by supplying the cookie value t3axs=TiMEtOOlsj7G3xMm52wB in a "t3.cgi" request. The root cause is a hardcoded cookie: the device accepts this fixed value as proof of authentication regardless of any login.
Recommendations

For all affected models and versions listed above (SC7105, SC9205, SC9705, SR7110, SR9210, SR9750 and SR9850 version 1.0.007; T100, T300 and T550 version 1.0.003), consider disabling the t3.cgi request until a patch is available.

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

CVE-2020-8964

Affected Products

Timetools Sc7105
Timetools Sc9205
Timetools Sc9705
Timetools Sr7110
Timetools Sr9210
Timetools Sr9750
Timetools Sr9850
Timetools T100
Timetools T300
Timetools T550