VYPR

SyncServer

by Symmetricom

CVEs (7)

  • CVE-2020-9034HigFeb 17, 2020
    risk 0.49cvss 7.5epss 0.01

    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.

  • CVE-2020-9033MedFeb 17, 2020
    risk 0.42cvss 6.5epss 0.01

    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php.

  • CVE-2020-9032MedFeb 17, 2020
    risk 0.42cvss 6.5epss 0.01

    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php.

  • CVE-2020-9031MedFeb 17, 2020
    risk 0.42cvss 6.5epss 0.01

    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php.

  • CVE-2020-9030MedFeb 17, 2020
    risk 0.42cvss 6.5epss 0.01

    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.

  • CVE-2020-9029MedFeb 17, 2020
    risk 0.42cvss 6.5epss 0.01

    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.

  • CVE-2020-9028MedFeb 17, 2020
    risk 0.40cvss 6.1epss 0.01

    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).