8.8
CVE-2020-8168
- EPSS 0.32%
- Veröffentlicht 26.05.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:38:25
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
LoginWe have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Attackers can abuse multiple end-points not protected against cross-site request forgery (CSRF), as a result authenticated users can be persuaded to visit malicious web pages, which allows attackers to perform arbitrary actions, such as downgrade the device's firmware to older versions, modify configuration, upload arbitrary firmware, exfiltrate files and tokens.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ui ≫ Airos Version <= 6.2.0
Ui ≫ Ag-hp-2g16 Version-
Ui ≫ Ag-hp-2g20 Version-
Ui ≫ Ag-hp-5g23 Version-
Ui ≫ Ag-hp-5g27 Version-
Ui ≫ Airgrid M Version-
Ui ≫ Airgrid M2 Version-
Ui ≫ Airgrid M5 Version-
Ui ≫ Ar Version-
Ui ≫ Ar-hp Version-
Ui ≫ Bm2-ti Version-
Ui ≫ Bm2hp Version-
Ui ≫ Bm5-ti Version-
Ui ≫ Bm5hp Version-
Ui ≫ Is-m5 Version-
Ui ≫ Lbem5-23 Version-
Ui ≫ Litestation M5 Version-
Ui ≫ Locom2 Version-
Ui ≫ Locom5 Version-
Ui ≫ Locom9 Version-
Ui ≫ M2 Version-
Ui ≫ M3 Version-
Ui ≫ M365 Version-
Ui ≫ M5 Version-
Ui ≫ M900 Version-
Ui ≫ Nb-2g18 Version-
Ui ≫ Nb-5g22 Version-
Ui ≫ Nb-5g25 Version-
Ui ≫ Nbe-m2-13 Version-
Ui ≫ Nbe-m5-16 Version-
Ui ≫ Nbe-m5-19 Version-
Ui ≫ Nbm3 Version-
Ui ≫ Nbm365 Version-
Ui ≫ Nbm9 Version-
Ui ≫ Nsm2 Version-
Ui ≫ Nsm3 Version-
Ui ≫ Nsm365 Version-
Ui ≫ Nsm5 Version-
Ui ≫ Pbe-m2-400 Version-
Ui ≫ Pbe-m5-300 Version-
Ui ≫ Pbe-m5-300-iso Version-
Ui ≫ Pbe-m5-400 Version-
Ui ≫ Pbe-m5-400-iso Version-
Ui ≫ Pbe-m5-620 Version-
Ui ≫ Pbm10 Version-
Ui ≫ Pbm365 Version-
Ui ≫ Pbm5 Version-
Ui ≫ Picom2hp Version-
Ui ≫ Power Ap N Version-
Ui ≫ Rm2-ti Version-
Ui ≫ Rm5-ti Version-
Ui ≫ Ag-hp-2g20 Version-
Ui ≫ Ag-hp-5g23 Version-
Ui ≫ Ag-hp-5g27 Version-
Ui ≫ Airgrid M Version-
Ui ≫ Airgrid M2 Version-
Ui ≫ Airgrid M5 Version-
Ui ≫ Ar Version-
Ui ≫ Ar-hp Version-
Ui ≫ Bm2-ti Version-
Ui ≫ Bm2hp Version-
Ui ≫ Bm5-ti Version-
Ui ≫ Bm5hp Version-
Ui ≫ Is-m5 Version-
Ui ≫ Lbem5-23 Version-
Ui ≫ Litestation M5 Version-
Ui ≫ Locom2 Version-
Ui ≫ Locom5 Version-
Ui ≫ Locom9 Version-
Ui ≫ M2 Version-
Ui ≫ M3 Version-
Ui ≫ M365 Version-
Ui ≫ M5 Version-
Ui ≫ M900 Version-
Ui ≫ Nb-2g18 Version-
Ui ≫ Nb-5g22 Version-
Ui ≫ Nb-5g25 Version-
Ui ≫ Nbe-m2-13 Version-
Ui ≫ Nbe-m5-16 Version-
Ui ≫ Nbe-m5-19 Version-
Ui ≫ Nbm3 Version-
Ui ≫ Nbm365 Version-
Ui ≫ Nbm9 Version-
Ui ≫ Nsm2 Version-
Ui ≫ Nsm3 Version-
Ui ≫ Nsm365 Version-
Ui ≫ Nsm5 Version-
Ui ≫ Pbe-m2-400 Version-
Ui ≫ Pbe-m5-300 Version-
Ui ≫ Pbe-m5-300-iso Version-
Ui ≫ Pbe-m5-400 Version-
Ui ≫ Pbe-m5-400-iso Version-
Ui ≫ Pbe-m5-620 Version-
Ui ≫ Pbm10 Version-
Ui ≫ Pbm365 Version-
Ui ≫ Pbm5 Version-
Ui ≫ Picom2hp Version-
Ui ≫ Power Ap N Version-
Ui ≫ Rm2-ti Version-
Ui ≫ Rm5-ti Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.54 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.