CVE-2020-8171

EPSS 6.93%
Veröffentlicht 26.05.2020 16:15:12
Zuletzt bearbeitet 21.11.2024 05:38:25
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ui ≫ Airos Version <= 6.2.0

   Ui ≫ Ag-hp-2g16 Version-
   Ui ≫ Ag-hp-2g20 Version-
   Ui ≫ Ag-hp-5g23 Version-
   Ui ≫ Ag-hp-5g27 Version-
   Ui ≫ Airgrid M Version-
   Ui ≫ Airgrid M2 Version-
   Ui ≫ Airgrid M5 Version-
   Ui ≫ Ar Version-
   Ui ≫ Ar-hp Version-
   Ui ≫ Bm2-ti Version-
   Ui ≫ Bm2hp Version-
   Ui ≫ Bm5-ti Version-
   Ui ≫ Bm5hp Version-
   Ui ≫ Is-m5 Version-
   Ui ≫ Lbem5-23 Version-
   Ui ≫ Litestation M5 Version-
   Ui ≫ Locom2 Version-
   Ui ≫ Locom5 Version-
   Ui ≫ Locom9 Version-
   Ui ≫ M2 Version-
   Ui ≫ M3 Version-
   Ui ≫ M365 Version-
   Ui ≫ M5 Version-
   Ui ≫ M900 Version-
   Ui ≫ Nb-2g18 Version-
   Ui ≫ Nb-5g22 Version-
   Ui ≫ Nb-5g25 Version-
   Ui ≫ Nbe-m2-13 Version-
   Ui ≫ Nbe-m5-16 Version-
   Ui ≫ Nbe-m5-19 Version-
   Ui ≫ Nbm3 Version-
   Ui ≫ Nbm365 Version-
   Ui ≫ Nbm9 Version-
   Ui ≫ Nsm2 Version-
   Ui ≫ Nsm3 Version-
   Ui ≫ Nsm365 Version-
   Ui ≫ Nsm5 Version-
   Ui ≫ Pbe-m2-400 Version-
   Ui ≫ Pbe-m5-300 Version-
   Ui ≫ Pbe-m5-300-iso Version-
   Ui ≫ Pbe-m5-400 Version-
   Ui ≫ Pbe-m5-400-iso Version-
   Ui ≫ Pbe-m5-620 Version-
   Ui ≫ Pbm10 Version-
   Ui ≫ Pbm365 Version-
   Ui ≫ Pbm5 Version-
   Ui ≫ Picom2hp Version-
   Ui ≫ Power Ap N Version-
   Ui ≫ Rm2-ti Version-
   Ui ≫ Rm5-ti Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.93%	0.905

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://www.ui.com/download/airmax-m

Release Notes

https://community.ui.com/releases/airMAX-M-v6-3-0/c8d5dec9-4030-4d7e-b23f-6a5b35ed3d83

Vendor Advisory

https://community.ui.com/releases/Security-advisory-bulletin-011-011/d0d411a5-6dcb-4988-9709-d57f50957261

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8171

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8171

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8171

EUVD