mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
408 lines
15 KiB
JSON
408 lines
15 KiB
JSON
{
|
|
"id": "CVE-2020-8171",
|
|
"sourceIdentifier": "support@hackerone.com",
|
|
"published": "2020-05-26T16:15:12.867",
|
|
"lastModified": "2024-11-21T05:38:25.893",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Recientemente hemos publicado una nueva versi\u00f3n del firmware AirMax AirOS v6.3.0 para tarjetas TI, XW y XM que corrige las vulnerabilidades encontradas en AirMax AirOS versi\u00f3n v6.2.0 y las tarjetas TI, XW y XM anteriores, de acuerdo con la descripci\u00f3n a continuaci\u00f3n: Existen determinados endpoints que contienen funcionalidades que son vulnerables a una inyecci\u00f3n de comandos. Es posible crear una cadena de entrada que pase la comprobaci\u00f3n del filtro pero a\u00fan contenga comandos, lo que resulta en una ejecuci\u00f3n de c\u00f3digo remota. Mitigaci\u00f3n: Actualice a la \u00faltima versi\u00f3n del firmware AirMax AirOS disponible en la p\u00e1gina de descargas de AirMax."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"baseScore": 7.5,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL"
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "support@hackerone.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-77"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-78"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:ui:airos:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "6.2.0",
|
|
"matchCriteriaId": "14775C80-4FEC-4AB7-84B5-37D904D3C5E9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:ag-hp-2g16:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "09CFCDF4-4777-4396-8A21-54E88112FBA7"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:ag-hp-2g20:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "76C8F76F-96C6-4CCB-B074-F480536BE1B7"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:ag-hp-5g23:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B99DB5B8-2B06-4927-AC18-8335837D8DC8"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:ag-hp-5g27:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "29997A9C-F7FE-4362-BDD7-1261D9E60C4B"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:airgrid_m:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "30B67CE7-583F-47ED-9A5C-8AC3B80E9676"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:airgrid_m2:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BC9D7AA9-C3B9-4B8D-9D5B-B7725240A842"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:airgrid_m5:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0821D3FE-4778-4250-B5F1-B2F7840D0131"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:ar:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FF3DBAF1-F619-42A9-9312-091448E7EB8D"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:ar-hp:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FB79B749-7D3E-40D0-ADB0-BC390DA14216"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:bm2-ti:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "06558E9A-B576-4796-A3A2-66358AD0BFB7"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:bm2hp:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CFBA6127-C454-4765-8CD1-CDB6E4D6938A"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:bm5-ti:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2040040E-BBB5-4033-80E5-67E0A0E32723"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:bm5hp:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5667A48D-C588-454B-A28A-319BE5095276"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:is-m5:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A9170187-5D7F-4215-82F5-7E902319E8CC"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:lbem5-23:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "87195838-3C00-4C1B-9BC5-45D1C32C9548"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:litestation_m5:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "029185BF-E059-4BAB-BA25-D13C3554038D"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:locom2:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4EFFCEBE-7010-4A4E-ADAE-509C96594899"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:locom5:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4CA0F426-8CF7-4D1E-BE3A-1012310F1B8D"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:locom9:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "21BE866D-67DE-4A7A-9C61-31A38B8DCBBE"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:m2:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1EF74FCA-58EC-4A1C-9475-000BABAFA671"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:m3:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "351BA7A6-9750-492F-9484-2BA1784A1A97"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:m365:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CC237BF9-5FEA-419F-9316-F49E74C398E3"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:m5:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E3F11676-04AE-441A-BAAC-7E22BCB4F421"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:m900:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "084665F4-7125-486E-8184-29B434715E02"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:nb-2g18:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "671747BF-2AB5-420A-A5C8-5D33EE2216C9"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:nb-5g22:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B606C57E-13BB-4EA8-B832-060E6DEE3FB1"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:nb-5g25:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6B8E6E7B-9FC6-429E-9A63-CDCC62A4CA1E"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:nbe-m2-13:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "683210F2-F96B-47F8-B796-EA04BE5C9D0D"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:nbe-m5-16:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3CF4614F-3862-4000-B95E-2E2343DA0BED"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:nbe-m5-19:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B5BB0AFA-A398-4D32-AAA3-0525057C35ED"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:nbm3:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "70830B87-C7D2-4812-874F-5EDCC14B2B99"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:nbm365:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "06768237-EB1E-4CE1-8813-15BFE87EDE43"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:nbm9:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FAE21B65-33B4-4DF4-8704-ECFB9E07B9C6"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:nsm2:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7794C8C4-B809-4D82-951E-F91ECA5D3304"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:nsm3:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "84F0CF44-D51A-40DF-8F78-CD78D5B8F1DC"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:nsm365:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "150ECFE9-F8E0-4578-898D-CC26DCFDB6B7"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:nsm5:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6CFA8BF7-4437-42E4-87A7-F1561F5AA24F"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:pbe-m2-400:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2D981713-2759-46D0-9649-B8F6C565DE9B"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:pbe-m5-300:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "970B38DC-A7E8-4BB1-83B2-8F8D00A5D5ED"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:pbe-m5-300-iso:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D66A12E4-1301-4C98-BA91-F216D3860EE6"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:pbe-m5-400:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F413748F-5F99-459C-8A0D-A7D0EDC94032"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:pbe-m5-400-iso:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1EE7EAF6-0FE8-4BE7-9A15-F6E01040FE4B"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:pbe-m5-620:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CC32A168-2724-4AB2-8798-3044343A7B88"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:pbm10:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "250DE236-A85C-45CF-9FC2-05BE148C1349"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:pbm365:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8CEDBB81-A3A0-4986-8D8B-63B168700684"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:pbm5:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B3EEDFE5-4E73-4E49-8FD3-5178111ED0DA"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:picom2hp:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E28F153F-4105-46A0-9DF7-E627466324D5"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:power_ap_n:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6C85C7A4-9522-4661-9E6C-A539D1DAAC91"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:rm2-ti:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "80DD9F0F-C2C7-4CEE-A4DD-CF3A08822332"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:rm5-ti:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E57458C1-27D4-49E2-995F-E1E0F1868677"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://community.ui.com/releases/Security-advisory-bulletin-011-011/d0d411a5-6dcb-4988-9709-d57f50957261",
|
|
"source": "support@hackerone.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://community.ui.com/releases/airMAX-M-v6-3-0/c8d5dec9-4030-4d7e-b23f-6a5b35ed3d83",
|
|
"source": "support@hackerone.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.ui.com/download/airmax-m",
|
|
"source": "support@hackerone.com",
|
|
"tags": [
|
|
"Release Notes"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://community.ui.com/releases/Security-advisory-bulletin-011-011/d0d411a5-6dcb-4988-9709-d57f50957261",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://community.ui.com/releases/airMAX-M-v6-3-0/c8d5dec9-4030-4d7e-b23f-6a5b35ed3d83",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.ui.com/download/airmax-m",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Release Notes"
|
|
]
|
|
}
|
|
]
|
|
} |