Skip to main content

Syncserver S300 Firmware

7 CVEs product

Monthly

CVE-2020-9033 MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Syncserver S100 Firmware Syncserver S200 Firmware Syncserver S250 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-9032 MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Syncserver S100 Firmware Syncserver S200 Firmware Syncserver S250 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-9031 MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Syncserver S100 Firmware Syncserver S200 Firmware Syncserver S250 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-9030 MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Syncserver S100 Firmware Syncserver S200 Firmware Syncserver S250 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-9029 MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Syncserver S100 Firmware Syncserver S200 Firmware Syncserver S250 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-9028 MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Syncserver S100 Firmware Syncserver S200 Firmware Syncserver S250 Firmware Syncserver S300 Firmware +1
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9034 HIGH POC This Week

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Syncserver S100 Firmware Syncserver S200 Firmware Syncserver S250 Firmware Syncserver S300 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.9%
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Syncserver S100 Firmware +4
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Syncserver S100 Firmware +4
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Syncserver S100 Firmware +4
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Syncserver S100 Firmware +4
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Syncserver S100 Firmware +4
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Syncserver S100 Firmware Syncserver S200 Firmware +3
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Syncserver S100 Firmware Syncserver S200 Firmware +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy