Lucene search

Syncserver S300 Firmware Security Vulnerabilities

cve

CVE-2020-9028

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).

6.1CVSS

6AI Score

0.001EPSS

2020-02-17 04:15 AM

cve

CVE-2020-9029

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.

6.5CVSS

6.5AI Score

0.001EPSS

2020-02-17 04:15 AM

cve

CVE-2020-9030

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.

6.5CVSS

6.5AI Score

0.001EPSS

2020-02-17 04:15 AM

cve

CVE-2020-9031

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php.

6.5CVSS

6.5AI Score

0.001EPSS

2020-02-17 04:15 AM

cve

CVE-2020-9032

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php.

6.5CVSS

6.5AI Score

0.001EPSS

2020-02-17 04:15 AM

cve

CVE-2020-9033

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php.

6.5CVSS

6.5AI Score

0.001EPSS

2020-02-17 04:15 AM

cve

CVE-2020-9034

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.

7.5CVSS

7.6AI Score

0.001EPSS

2020-02-17 03:15 AM