Mofi4500-4gxelte Firmware@4.0.8-std Security Vulnerabilities and Issues — Mofi4500-4gxelte Firmware@4.0.8-std CVE List

Lucene search

MofinetworkMofi4500-4gxelte Firmware4.0.8-std

5 matches found

CVE•added 2021/02/01 2:15 a.m.•55 views

CVE-2020-13856

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes.

7.5CVSS7.5AI score0.0029EPSS

CVE•added 2021/02/01 2:15 a.m.•55 views

CVE-2020-13858

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations.

9.8CVSS9.4AI score0.00492EPSS

CVE•added 2021/02/01 2:15 a.m.•51 views

CVE-2020-13857

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request.

7.8CVSS7.6AI score0.00368EPSS

CVE•added 2021/02/01 2:15 a.m.•51 views

CVE-2020-13860

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password.

7.5CVSS7.6AI score0.00322EPSS

CVE•added 2021/02/01 2:15 a.m.•48 views

CVE-2020-13859

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface ...

9.8CVSS9.3AI score0.0034EPSS