CVEs-PoC/2020/CVE-2020-8963.md

### [CVE-2020-8963](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8963)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter.

### POC

#### Reference
- https://sku11army.blogspot.com/2020/02/timetools-sr-sc-series-network-time.html

#### Github
No PoCs found on GitHub currently.