CVE-2019-12182

high-risk

Published 2020-03-13

Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API.

Do I need to act?

11.8% chance of exploitation in next 30 days

EPSS score — higher than 88% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (7)

Ta-8010 Firmware

Ta-8015 Firmware

Ta-8020 Firmware

Ta-8025 Firmware

Ta-8030 Firmware

Ta-8035 Firmware

Tm-616 Firmware

Affected Vendors

Safescan

References (8)

Exploit https://github.com/ProCheckUp/SafeScan

Exploit https://procheckup.com/blogs/posts/2020/february/remote-code-execution-on-biomet...

Product https://safescan.com/

Vendor Advisory https://support.timemoto.com/en/s/safescan-time-clock-systems/a/firmware-update-...

Exploit https://github.com/ProCheckUp/SafeScan

Exploit https://procheckup.com/blogs/posts/2020/february/remote-code-execution-on-biomet...

Product https://safescan.com/

Vendor Advisory https://support.timemoto.com/en/s/safescan-time-clock-systems/a/firmware-update-...

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 11/34 · Low

Exposure 14/34 · Moderate