Lucene search
PRIOn knowledge basePRION:CVE-2020-25206HistoryJul 20, 2021 - 7:15 p.m.
Command injection
2021-07-2019:15:00
PRIOn knowledge base
www.prio-n.com
4
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). This results in the complete takeover of the vulnerable device. This vulnerability does not occur in the older 1.5.x firmware versions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| b5_firmware | ge | 1.5.2 | |
| b5_firmware | le | 2.8.0.3 | |
| b5c_firmware | ge | 1.5.2 | |
| b5c_firmware | lt | 2.8.1.0 | |
| c5c_firmware | ge | 1.5.2 | |
| c5c_firmware | lt | 2.8.1.0 |
Related
cve
cve
CVE-2020-25206
2021-07-20 19:15:09
checkpoint_advisories
checkpoint_advisories
Mimosa Devices Command Injection (CVE-2020-25206)
2021-08-16 00:00:00
cvelist
cvelist
CVE-2020-25206
2021-07-20 18:45:29
nvd
nvd
CVE-2020-25206
2021-07-20 19:15:09