Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2020-16152

🗓️ 14 Nov 2021 20:08:26Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 132 Views🌐 WEB

NetConfig UI admin interface allows PHP code execution via remote HTTP requests

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today		Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution Exploit
15 Nov 202100:00
zdt
GithubExploit		Exploit for Inclusion of Functionality from Untrusted Control Sphere in Extremenetworks Aerohive_Netconfig
30 Aug 202012:18
githubexploit
ATTACKERKB		CVE-2020-16152
3 Sep 202000:00
attackerkb
Circl		CVE-2020-16152
11 Nov 202123:23
circl
CNNVD		Linux Administrative Tools for Intel Network Adapters 安全漏洞
12 Nov 202100:00
cnnvd
Check Point Advisories		Aerohive Networks HiveOS Remote Code Execution (CVE-2020-16152)
8 Dec 202100:00
checkpoint_advisories
Cvelist		CVE-2020-16152
14 Nov 202120:08
cvelist
Metasploit		Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE
12 Nov 202117:42
metasploit
NVD		CVE-2020-16152
14 Nov 202121:15
nvd
Packet Storm		Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution
12 Nov 202100:00
packetstorm
Rows per page
NVD
Node
extremenetworksaerohive_netconfigRange<10.0r8a
OR
extremenetworksaerohive_netconfigMatch10.0r8a-
OR
extremenetworksaerohive_netconfigMatch10.0r8abuild242466
ParameterPositionPathDescriptionCWE
login_authrequest bodylogin.php5Log poisoning and potential RCE via crafted login payload (LFI/log poisoning sequence leading to RCE).CWE-829
miniHiveUIrequest bodylogin.php5Log poisoning and potential RCE via crafted login payload (LFI/log poisoning sequence leading to RCE).CWE-829
authselectrequest bodylogin.php5Log poisoning and potential RCE via crafted login payload (LFI/log poisoning sequence leading to RCE).CWE-829
userNamerequest bodylogin.php5Log poisoning and potential RCE via crafted login payload (LFI/log poisoning sequence leading to RCE).CWE-829
passwordrequest bodylogin.php5Log poisoning and potential RCE via crafted login payload (LFI/log poisoning sequence leading to RCE).CWE-829
_pagerequest bodyaction.php5LFI trigger through path truncation to pull /tmp/messages for RCE after log poisoning.CWE-829

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 05:06Current
9.5High risk
Vulners AI Score9.5
CVSS 3.19.8
CVSS 210
EPSS0.84896
CWE-829
netconfiguiadministrative interfaceextreme networksextremewirelessaerohivehiveosiq enginecve-2020-16152php code executionremote http requestsroot user
132