CVE-2020-15836

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root...

CVE-2020-15832

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key but not the root password can remotely reboot the device...

CVE-2020-15834

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface...

Mofi Network MOFI4500-4GXeLTE 安全漏洞

The Mofi Network MOFI4500-4GXeLTE is a wireless router from Mofi Network. A remote reboot backdoor vulnerability exists in the Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices, which can be exploited by an attacker to reboot the device by accessing /cgi-bin/poof.cgi with a private key...

Mofi Network MOFI4500-4GXeLTE 安全漏洞

The Mofi Network MOFI4500-4GXeLTE is a wireless router from Mofi Network. An unauthorized RCE vulnerability exists in Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The vulnerability stems from the authentication function passing untrusted data to the operating system without proper destruction...