Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2020-25206

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
20/07/2021
Last modified:
05/10/2022

Description

The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). This results in the complete takeover of the vulnerable device. This vulnerability does not occur in the older 1.5.x firmware versions.

Impact

Vector 3.x
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.20 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x
7.20
Severity 3.x
HIGH
Vector 2.0
AV:N/AC:L/Au:S/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 9.00 HIGH
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): Single
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0
9.00
Severity 2.0
HIGH

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:mimosa:b5_firmware:*:*:*:*:*:*:*:* 1.5.2 (including) 2.8.0.3 (including)
cpe:2.3:h:mimosa:b5:-:*:*:*:*:*:*:*
cpe:2.3:o:mimosa:b5c_firmware:*:*:*:*:*:*:*:* 1.5.2 (including) 2.8.1.0 (excluding)
cpe:2.3:h:mimosa:b5c:-:*:*:*:*:*:*:*
cpe:2.3:o:mimosa:c5c_firmware:*:*:*:*:*:*:*:* 1.5.2 (including) 2.8.1.0 (excluding)
cpe:2.3:h:mimosa:c5c:-:*:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools