6.1
CVE-2020-8170
- EPSS 0.37%
- Veröffentlicht 26.05.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:38:25
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
LoginWe have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Multiple end-points with parameters vulnerable to reflected cross site scripting (XSS), allowing attackers to abuse the user' session information and/or account takeover of the admin user.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ui ≫ Airos Version <= 6.2.0
Ui ≫ Ag-hp-2g16 Version-
Ui ≫ Ag-hp-2g20 Version-
Ui ≫ Ag-hp-5g23 Version-
Ui ≫ Ag-hp-5g27 Version-
Ui ≫ Airgrid M Version-
Ui ≫ Airgrid M2 Version-
Ui ≫ Airgrid M5 Version-
Ui ≫ Ar Version-
Ui ≫ Ar-hp Version-
Ui ≫ Bm2-ti Version-
Ui ≫ Bm2hp Version-
Ui ≫ Bm5-ti Version-
Ui ≫ Bm5hp Version-
Ui ≫ Is-m5 Version-
Ui ≫ Lbem5-23 Version-
Ui ≫ Litestation M5 Version-
Ui ≫ Locom2 Version-
Ui ≫ Locom5 Version-
Ui ≫ Locom9 Version-
Ui ≫ M2 Version-
Ui ≫ M3 Version-
Ui ≫ M365 Version-
Ui ≫ M5 Version-
Ui ≫ M900 Version-
Ui ≫ Nb-2g18 Version-
Ui ≫ Nb-5g22 Version-
Ui ≫ Nb-5g25 Version-
Ui ≫ Nbe-m2-13 Version-
Ui ≫ Nbe-m5-16 Version-
Ui ≫ Nbe-m5-19 Version-
Ui ≫ Nbm3 Version-
Ui ≫ Nbm365 Version-
Ui ≫ Nbm9 Version-
Ui ≫ Nsm2 Version-
Ui ≫ Nsm3 Version-
Ui ≫ Nsm365 Version-
Ui ≫ Nsm5 Version-
Ui ≫ Pbe-m2-400 Version-
Ui ≫ Pbe-m5-300 Version-
Ui ≫ Pbe-m5-300-iso Version-
Ui ≫ Pbe-m5-400 Version-
Ui ≫ Pbe-m5-400-iso Version-
Ui ≫ Pbe-m5-620 Version-
Ui ≫ Pbm10 Version-
Ui ≫ Pbm365 Version-
Ui ≫ Pbm5 Version-
Ui ≫ Picom2hp Version-
Ui ≫ Power Ap N Version-
Ui ≫ Rm2-ti Version-
Ui ≫ Rm5-ti Version-
Ui ≫ Ag-hp-2g20 Version-
Ui ≫ Ag-hp-5g23 Version-
Ui ≫ Ag-hp-5g27 Version-
Ui ≫ Airgrid M Version-
Ui ≫ Airgrid M2 Version-
Ui ≫ Airgrid M5 Version-
Ui ≫ Ar Version-
Ui ≫ Ar-hp Version-
Ui ≫ Bm2-ti Version-
Ui ≫ Bm2hp Version-
Ui ≫ Bm5-ti Version-
Ui ≫ Bm5hp Version-
Ui ≫ Is-m5 Version-
Ui ≫ Lbem5-23 Version-
Ui ≫ Litestation M5 Version-
Ui ≫ Locom2 Version-
Ui ≫ Locom5 Version-
Ui ≫ Locom9 Version-
Ui ≫ M2 Version-
Ui ≫ M3 Version-
Ui ≫ M365 Version-
Ui ≫ M5 Version-
Ui ≫ M900 Version-
Ui ≫ Nb-2g18 Version-
Ui ≫ Nb-5g22 Version-
Ui ≫ Nb-5g25 Version-
Ui ≫ Nbe-m2-13 Version-
Ui ≫ Nbe-m5-16 Version-
Ui ≫ Nbe-m5-19 Version-
Ui ≫ Nbm3 Version-
Ui ≫ Nbm365 Version-
Ui ≫ Nbm9 Version-
Ui ≫ Nsm2 Version-
Ui ≫ Nsm3 Version-
Ui ≫ Nsm365 Version-
Ui ≫ Nsm5 Version-
Ui ≫ Pbe-m2-400 Version-
Ui ≫ Pbe-m5-300 Version-
Ui ≫ Pbe-m5-300-iso Version-
Ui ≫ Pbe-m5-400 Version-
Ui ≫ Pbe-m5-400-iso Version-
Ui ≫ Pbe-m5-620 Version-
Ui ≫ Pbm10 Version-
Ui ≫ Pbm365 Version-
Ui ≫ Pbm5 Version-
Ui ≫ Picom2hp Version-
Ui ≫ Power Ap N Version-
Ui ≫ Rm2-ti Version-
Ui ≫ Rm5-ti Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.581 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.