Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover.
References
Link | Resource |
---|---|
http://wifi-soft.com | Vendor Advisory |
https://s3curityb3ast.github.io/KSA-Dev-009.txt | Exploit Third Party Advisory |
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg07140.html |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
07 Nov 2023, 03:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-04-09 13:15
Updated : 2024-02-28 18:28
NVD link : CVE-2020-21883
Mitre link : CVE-2020-21883
CVE.ORG link : CVE-2020-21883
JSON object : View
Products Affected
indionetworks
- unibox_u500
- unibox_u1000
- unibox_u5000_firmware
- unibox_u1000_firmware
- unibox_u50_firmware
- unibox_u500_firmware
- unibox_u50
- unibox_u5000
- unibox_u2500
- unibox_u2500_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')