10

CVE-2020-15835

EPSS 0.37%
Veröffentlicht 01.02.2021 02:15:15
Zuletzt bearbeitet 21.11.2024 05:06:17
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mofinetwork ≫ Mofi4500-4gxelte Firmware Version4.1.5-std

Mofinetwork ≫ Mofi4500-4gxelte Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.555

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://mofinetwork.com/index.php?main_page=page&id=14

Patch

Vendor Advisory

https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/

Third Party Advisory

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2020-15835

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15835

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15835

EUVD