admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-158xx/CVE-2020-15835.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

142 lines
4.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-15835",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-02-01T02:15:15.160",
"lastModified": "2024-11-21T05:06:17.167",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos Mofi Network MOFI4500-4GXeLTE versi\u00f3n 4.1.5-std. La funci\u00f3n de autenticaci\u00f3n contiene c\u00f3digo no documentado que brinda la habilidad de autenticarse como root sin conocer la contrase\u00f1a de root real. Un adversario con la clave privada puede autenticarse remotamente en la interfaz de administraci\u00f3n como root"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"baseScore": 10.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:4.1.5-std:*:*:*:*:*:*:*",
"matchCriteriaId": "5911A292-8014-4E5F-B408-0A5788193E78"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mofinetwork:mofi4500-4gxelte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7B2A7E-0E09-412C-B540-9C5DFD16767D"
}
]
}
]
}
],
"references": [
{
"url": "https://mofinetwork.com/index.php?main_page=page&id=14",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://mofinetwork.com/index.php?main_page=page&id=14",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink