CRITICAL🇬🇧 English

CVE-2020-16152

CVSS 9.8v3.1pub. 2021-11-14upd. 2024-11-21

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Extremenetworks Aerohive Netconfig

    HW
    Extremenetworks
    10.0r8a< 10.0r8a
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-38292CRITICAL9.8PL ✓ten sam vendor

Path traversal w Extreme Networks XIQ-SE umożliwiający privilege escalation

CVE-2023-43119CRITICAL9.8ten sam vendor

An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22....

CVE-2023-35803CRITICAL9.8ten sam vendor

IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.

CVE-2023-35802CRITICAL9.8ten sam vendor

IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWA...

CVE-2025-11192HIGH8.4ten sam vendor

A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is ...

CVE-2020-16152 — CRITICAL 9.8 | CVEbaza.pl