Lucene search
+L

49 matches found

Prion
Prion
added 2023/09/08 3:15 a.m.14 views

Authentication flaw

An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request...

7.5CVSS9.8AI score0.01041EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/09/08 12:0 a.m.4 views

MoFi Network MOFI4500-4GXeLTE-V2 Authorization Issues Vulnerability

The MoFi Network MOFI4500-4GXeLTE-V2 is a wireless router from MoFi Network Canada. A security vulnerability exists in the MoFi Network MOFI4500-4GXeLTE-V2 version 3.5.6-xnet-5052, which originates from a vulnerability that allows an attacker to bypass authentication and execute arbitrary code vi...

9.8CVSS7.8AI score0.01041EPSS
Exploits0References3
NVD
NVD
added 2021/02/01 2:15 a.m.10 views

CVE-2020-15834

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface...

7.5CVSS7.7AI score0.01114EPSS
Exploits0References2
NVD
NVD
added 2021/02/01 2:15 a.m.16 views

CVE-2020-15835

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the...

10CVSS9.7AI score0.01666EPSS
Exploits0References2
NVD
NVD
added 2021/02/01 2:15 a.m.16 views

CVE-2020-15836

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root...

10CVSS9.9AI score0.02212EPSS
Exploits0References2
OSV
OSV
added 2021/02/01 2:15 a.m.3 views

CVE-2020-15836

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root...

9.8CVSS7.5AI score0.02212EPSS
Exploits0References2
NVD
NVD
added 2021/02/01 2:15 a.m.15 views

CVE-2020-15833

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner...

10CVSS9.3AI score0.01648EPSS
Exploits0References2
NVD
NVD
added 2021/02/01 2:15 a.m.12 views

CVE-2020-13859

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interfac...

9.8CVSS9.5AI score0.01178EPSS
Exploits0References2
OSV
OSV
added 2021/02/01 2:15 a.m.9 views

CVE-2020-15832

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key but not the root password can remotely reboot the device...

7.5CVSS7.2AI score0.0111EPSS
Exploits0References2
NVD
NVD
added 2021/02/01 2:15 a.m.12 views

CVE-2020-13860

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password...

7.5CVSS7.7AI score0.01081EPSS
Exploits0References2
NVD
NVD
added 2021/02/01 2:15 a.m.12 views

CVE-2020-15832

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key but not the root password can remotely reboot the device...

7.8CVSS7.6AI score0.0111EPSS
Exploits0References2
OSV
OSV
added 2021/02/01 2:15 a.m.4 views

CVE-2020-13857

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request...

7.5CVSS7.1AI score0.0111EPSS
Exploits0References2
Prion
Prion
added 2021/02/01 2:15 a.m.12 views

Design/Logic Flaw

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes...

5CVSS7.5AI score0.01164EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/02/01 2:15 a.m.15 views

Design/Logic Flaw

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interfac...

5CVSS9.3AI score0.01178EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/02/01 2:15 a.m.16 views

Authentication flaw

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root...

10CVSS9.8AI score0.02212EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/02/01 2:15 a.m.15 views

Default credentials

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password...

5CVSS7.7AI score0.01081EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/02/01 2:15 a.m.15 views

Hardcoded credentials

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner...

10CVSS9.2AI score0.01648EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/02/01 2:15 a.m.14 views

Cross site request forgery (csrf)

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request...

7.8CVSS7.7AI score0.0111EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/02/01 2:15 a.m.19 views

Default credentials

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key but not the root password can remotely reboot the device...

7.8CVSS7.6AI score0.0111EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/02/01 1:45 a.m.67 views

CVE-2020-13858

CVE-2020-13858 affects Mofi Network MOFI4500-4GXeLTE devices running 3.6.1-std and 4.0.8-std. The issue stems from two undocumented administrator accounts (sftp and mofidev) defined in /etc/passwd, with passwords not unique across installations. This creates potential unauthorized access risk to ...

9.8CVSS9.4AI score0.01397EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder