Vulnerabilites related to mofinetwork - mofi4500-4gxelte_firmware
Vulnerability from fkie_nvd
Published
2021-02-01 02:15
Modified
2024-11-21 05:06
Severity ?
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mofinetwork | mofi4500-4gxelte_firmware | 4.1.5-std | |
| mofinetwork | mofi4500-4gxelte | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:4.1.5-std:*:*:*:*:*:*:*",
"matchCriteriaId": "5911A292-8014-4E5F-B408-0A5788193E78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mofinetwork:mofi4500-4gxelte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7B2A7E-0E09-412C-B540-9C5DFD16767D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos Mofi Network MOFI4500-4GXeLTE versi\u00f3n 4.1.5-std.\u0026#xa0;La contrase\u00f1a de la red inal\u00e1mbrica es expuesta en una imagen codificada QR que un adversario no autenticado puede descargar por medio de la interfaz de administraci\u00f3n web"
}
],
"id": "CVE-2020-15834",
"lastModified": "2024-11-21T05:06:17.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-01T02:15:15.050",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-01 02:15
Modified
2024-11-21 05:02
Severity ?
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mofinetwork | mofi4500-4gxelte_firmware | 4.0.8-std | |
| mofinetwork | mofi4500-4gxelte | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:4.0.8-std:*:*:*:*:*:*:*",
"matchCriteriaId": "B22253CC-AFEF-4A42-8ED9-5B5348F5937A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mofinetwork:mofi4500-4gxelte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7B2A7E-0E09-412C-B540-9C5DFD16767D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos Mofi Network MOFI4500-4GXeLTE versi\u00f3n 4.0.8-std.\u0026#xa0;No se requiere autenticaci\u00f3n para descargar el archivo de soporte que contiene informaci\u00f3n confidencial, como credenciales de texto sin cifrar y hashes de contrase\u00f1a"
}
],
"id": "CVE-2020-13856",
"lastModified": "2024-11-21T05:02:01.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-01T02:15:12.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-01 02:15
Modified
2024-11-21 05:06
Severity ?
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mofinetwork | mofi4500-4gxelte_firmware | 4.1.5-std | |
| mofinetwork | mofi4500-4gxelte | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:4.1.5-std:*:*:*:*:*:*:*",
"matchCriteriaId": "5911A292-8014-4E5F-B408-0A5788193E78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mofinetwork:mofi4500-4gxelte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7B2A7E-0E09-412C-B540-9C5DFD16767D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos Mofi Network MOFI4500-4GXeLTE versi\u00f3n 4.1.5-std.\u0026#xa0;El demonio Dropbear SSH ha sido modificado para aceptar una ruta alternativa embebida para una clave p\u00fablica que permite el acceso root.\u0026#xa0;Esta clave es almacenada en una ubicaci\u00f3n /rom que no puede ser modificada por el propietario del dispositivo"
}
],
"id": "CVE-2020-15833",
"lastModified": "2024-11-21T05:06:16.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-01T02:15:14.987",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-01 02:15
Modified
2024-11-21 05:06
Severity ?
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mofinetwork | mofi4500-4gxelte_firmware | 4.1.5-std | |
| mofinetwork | mofi4500-4gxelte | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:4.1.5-std:*:*:*:*:*:*:*",
"matchCriteriaId": "5911A292-8014-4E5F-B408-0A5788193E78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mofinetwork:mofi4500-4gxelte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7B2A7E-0E09-412C-B540-9C5DFD16767D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos Mofi Network MOFI4500-4GXeLTE versi\u00f3n 4.1.5-std.\u0026#xa0;La funci\u00f3n de autenticaci\u00f3n pasa datos que no son confiables al sistema operativo sin un saneamiento apropiado. Puede ser enviado una petici\u00f3n dise\u00f1ada para ejecutar comandos arbitrarios como root"
}
],
"id": "CVE-2020-15836",
"lastModified": "2024-11-21T05:06:17.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-01T02:15:15.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-01 02:15
Modified
2024-11-21 05:02
Severity ?
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mofinetwork | mofi4500-4gxelte_firmware | 4.0.8-std | |
| mofinetwork | mofi4500-4gxelte | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:4.0.8-std:*:*:*:*:*:*:*",
"matchCriteriaId": "B22253CC-AFEF-4A42-8ED9-5B5348F5937A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mofinetwork:mofi4500-4gxelte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7B2A7E-0E09-412C-B540-9C5DFD16767D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos Mofi Network MOFI4500-4GXeLTE versi\u00f3n 4.0.8-std.\u0026#xa0;Un error de formato en el archivo /etc/shadow, junto con un error l\u00f3gico en el framework de la interfaz de configuraci\u00f3n de LuCI - OpenWrt, permite a la cuenta de sistema no documentada mofidev iniciar sesi\u00f3n en la interfaz de administraci\u00f3n cgi-bin/luci/quick/wizard sin una contrase\u00f1a al abusar de una funcionalidad forgotten-password"
}
],
"id": "CVE-2020-13859",
"lastModified": "2024-11-21T05:02:01.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-01T02:15:14.800",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
},
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-01 02:15
Modified
2024-11-21 05:06
Severity ?
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mofinetwork | mofi4500-4gxelte_firmware | 4.1.5-std | |
| mofinetwork | mofi4500-4gxelte | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:4.1.5-std:*:*:*:*:*:*:*",
"matchCriteriaId": "5911A292-8014-4E5F-B408-0A5788193E78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mofinetwork:mofi4500-4gxelte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7B2A7E-0E09-412C-B540-9C5DFD16767D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos Mofi Network MOFI4500-4GXeLTE versi\u00f3n 4.1.5-std.\u0026#xa0;El script poof.cgi contiene un c\u00f3digo no documentado que brinda la capacidad de reiniciar el dispositivo remotamente.\u0026#xa0;Un adversario con la clave privada (pero sin la contrase\u00f1a root) puede reiniciar el dispositivo remotamente"
}
],
"id": "CVE-2020-15832",
"lastModified": "2024-11-21T05:06:16.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-01T02:15:14.927",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-01 02:15
Modified
2024-11-21 05:02
Severity ?
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mofinetwork | mofi4500-4gxelte_firmware | 3.6.1-std | |
| mofinetwork | mofi4500-4gxelte_firmware | 4.0.8-std | |
| mofinetwork | mofi4500-4gxelte_firmware | 4.1.5-std | |
| mofinetwork | mofi4500-4gxelte | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:3.6.1-std:*:*:*:*:*:*:*",
"matchCriteriaId": "463B2553-576A-4A4B-9960-AEDA9985FB98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:4.0.8-std:*:*:*:*:*:*:*",
"matchCriteriaId": "B22253CC-AFEF-4A42-8ED9-5B5348F5937A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:4.1.5-std:*:*:*:*:*:*:*",
"matchCriteriaId": "5911A292-8014-4E5F-B408-0A5788193E78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mofinetwork:mofi4500-4gxelte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7B2A7E-0E09-412C-B540-9C5DFD16767D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos Mofi Network MOFI4500-4GXeLTE versiones 3.6.1-std y 4.0.8-std.\u0026#xa0;Se pueden reiniciar mediante el envi\u00f3 de una petici\u00f3n no autenticada HTTP GET del archivo poof.cgi"
}
],
"id": "CVE-2020-13857",
"lastModified": "2024-11-21T05:02:01.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-01T02:15:13.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-01 02:15
Modified
2024-11-21 05:02
Severity ?
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mofinetwork | mofi4500-4gxelte_firmware | 3.6.1-std | |
| mofinetwork | mofi4500-4gxelte_firmware | 4.0.8-std | |
| mofinetwork | mofi4500-4gxelte | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:3.6.1-std:*:*:*:*:*:*:*",
"matchCriteriaId": "463B2553-576A-4A4B-9960-AEDA9985FB98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:4.0.8-std:*:*:*:*:*:*:*",
"matchCriteriaId": "B22253CC-AFEF-4A42-8ED9-5B5348F5937A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mofinetwork:mofi4500-4gxelte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7B2A7E-0E09-412C-B540-9C5DFD16767D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos Mofi Network MOFI4500-4GXeLTE versiones 3.6.1-std y 4.0.8-std.\u0026#xa0;Contienen dos cuentas de administrador no documentadas.\u0026#xa0;Las cuentas sftp y mofidev se definen en /etc/passwd y la contrase\u00f1a no es \u00fanica en todas las instalaciones"
}
],
"id": "CVE-2020-13858",
"lastModified": "2024-11-21T05:02:01.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-01T02:15:14.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-01 02:15
Modified
2024-11-21 05:06
Severity ?
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mofinetwork | mofi4500-4gxelte_firmware | 4.1.5-std | |
| mofinetwork | mofi4500-4gxelte | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:4.1.5-std:*:*:*:*:*:*:*",
"matchCriteriaId": "5911A292-8014-4E5F-B408-0A5788193E78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mofinetwork:mofi4500-4gxelte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7B2A7E-0E09-412C-B540-9C5DFD16767D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos Mofi Network MOFI4500-4GXeLTE versi\u00f3n 4.1.5-std.\u0026#xa0;La funci\u00f3n de autenticaci\u00f3n contiene c\u00f3digo no documentado que brinda la habilidad de autenticarse como root sin conocer la contrase\u00f1a de root real.\u0026#xa0;Un adversario con la clave privada puede autenticarse remotamente en la interfaz de administraci\u00f3n como root"
}
],
"id": "CVE-2020-15835",
"lastModified": "2024-11-21T05:06:17.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-01T02:15:15.160",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-01 02:15
Modified
2024-11-21 05:02
Severity ?
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mofinetwork.com/index.php?main_page=page&id=14 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mofinetwork | mofi4500-4gxelte_firmware | 4.0.8-std | |
| mofinetwork | mofi4500-4gxelte | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:4.0.8-std:*:*:*:*:*:*:*",
"matchCriteriaId": "B22253CC-AFEF-4A42-8ED9-5B5348F5937A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mofinetwork:mofi4500-4gxelte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7B2A7E-0E09-412C-B540-9C5DFD16767D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos Mofi Network MOFI4500-4GXeLTE versi\u00f3n 4.0.8-std.\u0026#xa0;El algoritmo de contrase\u00f1a de un solo uso para la cuenta de sistema no documentada mofidev genera una contrase\u00f1a predecible de seis d\u00edgitos"
}
],
"id": "CVE-2020-13860",
"lastModified": "2024-11-21T05:02:01.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-01T02:15:14.847",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-13859 (GCVE-0-2020-13859)
Vulnerability from cvelistv5
Published
2021-02-01 01:27
Modified
2024-08-04 12:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mofinetwork.com/index.php?main_page=page&id=14 | x_refsource_MISC | |
| https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-01T01:27:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mofinetwork.com/index.php?main_page=page\u0026id=14",
"refsource": "MISC",
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13859",
"datePublished": "2021-02-01T01:27:07",
"dateReserved": "2020-06-04T00:00:00",
"dateUpdated": "2024-08-04T12:32:14.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15835 (GCVE-0-2020-15835)
Vulnerability from cvelistv5
Published
2021-02-01 01:42
Modified
2024-08-04 13:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mofinetwork.com/index.php?main_page=page&id=14 | x_refsource_MISC | |
| https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:22.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-01T01:42:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mofinetwork.com/index.php?main_page=page\u0026id=14",
"refsource": "MISC",
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15835",
"datePublished": "2021-02-01T01:42:32",
"dateReserved": "2020-07-19T00:00:00",
"dateUpdated": "2024-08-04T13:30:22.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15834 (GCVE-0-2020-15834)
Vulnerability from cvelistv5
Published
2021-02-01 01:41
Modified
2024-08-04 13:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mofinetwork.com/index.php?main_page=page&id=14 | x_refsource_MISC | |
| https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:22.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-01T01:41:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mofinetwork.com/index.php?main_page=page\u0026id=14",
"refsource": "MISC",
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15834",
"datePublished": "2021-02-01T01:41:31",
"dateReserved": "2020-07-19T00:00:00",
"dateUpdated": "2024-08-04T13:30:22.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15833 (GCVE-0-2020-15833)
Vulnerability from cvelistv5
Published
2021-02-01 01:39
Modified
2024-08-04 13:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mofinetwork.com/index.php?main_page=page&id=14 | x_refsource_MISC | |
| https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:21.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-01T01:39:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mofinetwork.com/index.php?main_page=page\u0026id=14",
"refsource": "MISC",
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15833",
"datePublished": "2021-02-01T01:39:35",
"dateReserved": "2020-07-19T00:00:00",
"dateUpdated": "2024-08-04T13:30:21.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15836 (GCVE-0-2020-15836)
Vulnerability from cvelistv5
Published
2021-02-01 01:44
Modified
2024-08-04 13:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mofinetwork.com/index.php?main_page=page&id=14 | x_refsource_MISC | |
| https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:22.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-01T01:44:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mofinetwork.com/index.php?main_page=page\u0026id=14",
"refsource": "MISC",
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15836",
"datePublished": "2021-02-01T01:44:26",
"dateReserved": "2020-07-19T00:00:00",
"dateUpdated": "2024-08-04T13:30:22.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13860 (GCVE-0-2020-13860)
Vulnerability from cvelistv5
Published
2021-02-01 01:33
Modified
2024-08-04 12:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mofinetwork.com/index.php?main_page=page&id=14 | x_refsource_MISC | |
| https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:13.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-01T01:33:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mofinetwork.com/index.php?main_page=page\u0026id=14",
"refsource": "MISC",
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13860",
"datePublished": "2021-02-01T01:33:35",
"dateReserved": "2020-06-04T00:00:00",
"dateUpdated": "2024-08-04T12:32:13.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13858 (GCVE-0-2020-13858)
Vulnerability from cvelistv5
Published
2021-02-01 01:45
Modified
2024-08-04 12:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mofinetwork.com/index.php?main_page=page&id=14 | x_refsource_MISC | |
| https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:13.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-01T01:45:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mofinetwork.com/index.php?main_page=page\u0026id=14",
"refsource": "MISC",
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13858",
"datePublished": "2021-02-01T01:45:44",
"dateReserved": "2020-06-04T00:00:00",
"dateUpdated": "2024-08-04T12:32:13.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15832 (GCVE-0-2020-15832)
Vulnerability from cvelistv5
Published
2021-02-01 01:36
Modified
2024-08-04 13:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mofinetwork.com/index.php?main_page=page&id=14 | x_refsource_MISC | |
| https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:21.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-01T01:36:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mofinetwork.com/index.php?main_page=page\u0026id=14",
"refsource": "MISC",
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15832",
"datePublished": "2021-02-01T01:36:34",
"dateReserved": "2020-07-19T00:00:00",
"dateUpdated": "2024-08-04T13:30:21.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13856 (GCVE-0-2020-13856)
Vulnerability from cvelistv5
Published
2021-02-01 01:18
Modified
2024-08-04 12:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mofinetwork.com/index.php?main_page=page&id=14 | x_refsource_MISC | |
| https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:13.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-01T01:18:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mofinetwork.com/index.php?main_page=page\u0026id=14",
"refsource": "MISC",
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13856",
"datePublished": "2021-02-01T01:18:06",
"dateReserved": "2020-06-04T00:00:00",
"dateUpdated": "2024-08-04T12:32:13.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13857 (GCVE-0-2020-13857)
Vulnerability from cvelistv5
Published
2021-02-01 01:16
Modified
2024-08-04 12:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mofinetwork.com/index.php?main_page=page&id=14 | x_refsource_MISC | |
| https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-01T01:16:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mofinetwork.com/index.php?main_page=page\u0026id=14",
"refsource": "MISC",
"url": "https://mofinetwork.com/index.php?main_page=page\u0026id=14"
},
{
"name": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13857",
"datePublished": "2021-02-01T01:16:47",
"dateReserved": "2020-06-04T00:00:00",
"dateUpdated": "2024-08-04T12:32:14.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}