PT-2020-20657 · Phoenix Contact · Tc Router 3002T-4G+5

Thomas Weber · Published 2020-03-12 · Updated 2020-03-16 · CVE-2020-9436

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PHOENIX CONTACT TC ROUTER 3002T-4G versions 2.05.3 and earlier
PHOENIX CONTACT TC ROUTER 2002T-3G versions 2.05.3 and earlier
PHOENIX CONTACT TC ROUTER 3002T-4G VZW versions 2.05.3 and earlier
PHOENIX CONTACT TC ROUTER 3002T-4G ATT versions 2.05.3 and earlier
PHOENIX CONTACT TC CLOUD CLIENT 1002-4G versions 2.03.17 and earlier
PHOENIX CONTACT TC CLOUD CLIENT 1002-TXTX versions 1.03.17 and earlier

Description

The issue allows authenticated users to inject system commands through a modified POST request to a specific URL.

Recommendations

For PHOENIX CONTACT TC ROUTER 3002T-4G versions 2.05.3 and earlier, update to a version later than 2.05.3.
For PHOENIX CONTACT TC ROUTER 2002T-3G versions 2.05.3 and earlier, update to a version later than 2.05.3.
For PHOENIX CONTACT TC ROUTER 3002T-4G VZW versions 2.05.3 and earlier, update to a version later than 2.05.3.
For PHOENIX CONTACT TC ROUTER 3002T-4G ATT versions 2.05.3 and earlier, update to a version later than 2.05.3.
For PHOENIX CONTACT TC CLOUD CLIENT 1002-4G versions 2.03.17 and earlier, update to a version later than 2.03.17.
For PHOENIX CONTACT TC CLOUD CLIENT 1002-TXTX versions 1.03.17 and earlier, update to a version later than 1.03.17.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-9436

Affected Products

Tc Cloud Client 1002-4G
Tc Cloud Client 1002-Txtx
Tc Router 2002T-3G
Tc Router 3002T-4G
Tc Router 3002T-4G Att
Tc Router 3002T-4G Vzw