Syncserver S250 Firmware Security Vulnerabilities and Issues — Syncserver S250 Firmware CVE List

MicrochipSyncserver S250 Firmware

7 matches found

CVE•added 2020/02/17 3:1 a.m.•113 views

CVE-2020-9031

Symmetricom SyncServer devices (S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, S350 2.80.1) are affected by a directory traversal vulnerability in the FileName parameter of daemonlog.php. The underlying root cause is not explicitly detailed in the provided documents, but the vulnerability all...

6.5CVSS6.5AI score0.0106EPSS

CVE•added 2020/02/17 3:2 a.m.•105 views

CVE-2020-9029

CVE-2020-9029 concerns Symmetricom SyncServer family (S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, S350 2.80.1) where a Directory Traversal is possible via the FileName parameter to messagelog.php. The connected sources consistently describe a path traversal vulnerability in these devices; ...

6.5CVSS6.5AI score0.01221EPSS

CVE•added 2020/02/17 3:0 a.m.•105 views

CVE-2020-9034

The CVE-2020-9034 entry affects Symmetricom SyncServer models S100 (2.90.70.3), S200 (1.30), S250 (1.25), S300 (2.65.0), and S350 (2.80.1). The vulnerability stems from mishandled session validation, allowing unauthenticated creation, modification, or deletion of user accounts. Documents consiste...

7.5CVSS7.6AI score0.00911EPSS

CVE•added 2020/02/17 3:2 a.m.•101 views

CVE-2020-9030

Symmetricom SyncServer S100/S200/S250/S300/S350 devices are affected by CVE-2020-9030 due to a directory traversal vulnerability in the FileName parameter of syslog.php. The root cause is improper validation of the file path, enabling an attacker to access locations outside of a restricted direct...

6.5CVSS6.5AI score0.0106EPSS

CVE•added 2020/02/17 3:1 a.m.•100 views

CVE-2020-9033

CVE-2020-9033 affects Microchip/Symmetricom SyncServer models S100 (2.90.70.3), S200 (1.30), S250 (1.25), S300 (2.65.0), and S350 (2.80.1). The vulnerability is a directory traversal flaw exploitable via the FileName parameter to authlog.php, enabling access to restricted filesystem locations. Ro...

6.5CVSS6.5AI score0.01314EPSS

CVE•added 2020/02/17 3:1 a.m.•97 views

CVE-2020-9032

CVE-2020-9032 affects Symmetricom SyncServer S100/S200/S250/S300/S350 devices (versions listed in the CVE) and enables Directory Traversal via the FileName parameter to kernlog.php. Root cause: improper handling/filtering of file paths in kernlog.php leading to access outside the intended directo...

6.5CVSS6.5AI score0.0106EPSS

CVE•added 2020/02/17 3:2 a.m.•96 views

CVE-2020-9028

The CVE-2020-9028 entry concerns Symmetricom SyncServer devices (S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, S350 2.80.1) that allow stored XSS via the newUserName parameter on the User Creation, Deletion and Password Maintenance screen when creating a new user. The connected documents con...

6.1CVSS6AI score0.00668EPSS