CVEs-PoC/2020/CVE-2020-8964.md

### [CVE-2020-8964](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8964)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcoded cookie."

### POC

#### Reference
- https://sku11army.blogspot.com/2020/02/timetools-sr-sc-series-network-time.html

#### Github
No PoCs found on GitHub currently.