|Article No°||Product Name||Affected Version(s)|
|1234355||CLOUD CLIENT 2002T-4G EU||< 184.108.40.206|
|1234360||CLOUD CLIENT 2002T-WLAN||< 220.127.116.11|
|1234357||CLOUD CLIENT 2102T-4G EU WLAN||< 18.104.22.168|
|1234352||TC ROUTER 4002T-4G EU||< 22.214.171.124|
|1234353||TC ROUTER 4102T-4G EU WLAN||< 126.96.36.199|
|1234354||TC ROUTER 4202T-4G EU WLAN||< 188.8.131.52|
Two Vulnerabilities have been discovered in TC ROUTER 4000 series and CLOUD CLIENT 2000 series up to firmware version 4.5.7x.107.
The web administration interface is vulnerable for authenticated admin users to path traversals, which could lead to arbitrary file uploads or deletion. Unvalidated user input also enables execution of OS commands.
NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 184.108.40.206 before 220.127.116.11, from 18.104.22.168 before 22.214.171.124, from 126.96.36.199 before 188.8.131.52, from 184.108.40.206 before 220.127.116.11.
The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 18.104.22.168 before 22.214.171.124, from 126.96.36.199 before 188.8.131.52, from 184.108.40.206 before 220.127.116.11, from 18.104.22.168 before 22.214.171.124.
The web interface is available only after authentication. An authorized admin user could use these vulnerabilities to execute arbitrary commands, upload arbitrary files or delete files from the device. This may lead to the device no longer functioning properly.
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection
The vulnerability is fixed in firmware version 4.6.7x.101. We strongly recommend all affected users to upgrade to this or a later version.
This vulnerability was discovered and reported by ONEKEY.
We kindly appreciate the coordinated disclosure of this vulnerability by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.