CVE-2020-21883

Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:indionetworks:unibox_u50_firmware:2.4:*:*:*:*:*:*:*
cpe:2.3:h:indionetworks:unibox_u50:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:indionetworks:unibox_u500_firmware:2.4:*:*:*:*:*:*:*
cpe:2.3:h:indionetworks:unibox_u500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:indionetworks:unibox_u1000_firmware:2.4:*:*:*:*:*:*:*
cpe:2.3:h:indionetworks:unibox_u1000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:indionetworks:unibox_u2500_firmware:2.4:*:*:*:*:*:*:*
cpe:2.3:h:indionetworks:unibox_u2500:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:indionetworks:unibox_u5000_firmware:2.4:*:*:*:*:*:*:*
cpe:2.3:h:indionetworks:unibox_u5000:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:19

Type Values Removed Values Added
References
  • {'url': 'https://www.mail-archive.com/fulldisclosure@seclists.org/msg07140.html', 'name': 'https://www.mail-archive.com/fulldisclosure@seclists.org/msg07140.html', 'tags': ['Exploit', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://www.mail-archive.com/fulldisclosure%40seclists.org/msg07140.html -

Information

Published : 2021-04-09 13:15

Updated : 2024-02-28 18:28


NVD link : CVE-2020-21883

Mitre link : CVE-2020-21883

CVE.ORG link : CVE-2020-21883


JSON object : View

Products Affected

indionetworks

  • unibox_u500
  • unibox_u1000
  • unibox_u5000_firmware
  • unibox_u1000_firmware
  • unibox_u50_firmware
  • unibox_u500_firmware
  • unibox_u50
  • unibox_u5000
  • unibox_u2500
  • unibox_u2500_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')