6 matches found
CVE-2020-25206
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafte...
CVE-2020-25205
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the setbanner function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain...
CVE-2020-25205
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the setbanner function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain...
CVE-2020-25206
CVE-2020-25206 affects Mimosa B5/B5c/C5x firmware up to 2.8.0.2. The web console exposes authenticated command injection in Throughput.php, WANStats.php, PhyStats.php, and QosStats.php endpoints, enabling an attacker with web-console access to execute OS commands and take full control of the devi...
CVE-2020-25205
The CVE-2020-25205 vulnerability affects Mimosa PTP/M5/M5c/C5x firmware up to version 2.8.0.2. It is a stored cross-site scripting flaw in the web console’s set_banner() function located at /var/www/core/controller/index.php. An unauthenticated attacker can write arbitrary JavaScript to /mnt/jffs...
CVE-2020-25205
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the setbanner function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain...