CVE-2020-15832

{"id": "CVE-2020-15832", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-02-01T02:15:14.927", "references": [{"url": "https://mofinetwork.com/index.php?main_page=page&id=14", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/", "tags": ["Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos Mofi Network MOFI4500-4GXeLTE versi\u00f3n 4.1.5-std. El script poof.cgi contiene un c\u00f3digo no documentado que brinda la capacidad de reiniciar el dispositivo remotamente. Un adversario con la clave privada (pero sin la contrase\u00f1a root) puede reiniciar el dispositivo remotamente"}], "lastModified": "2021-02-04T15:36:48.533", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:4.1.5-std:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5911A292-8014-4E5F-B408-0A5788193E78"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mofinetwork:mofi4500-4gxelte:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8C7B2A7E-0E09-412C-B540-9C5DFD16767D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}