CRITICAL🇵🇱 Wersja polska

CVE-2020-15835

CVSS 9.8v3.1pub. 2021-02-01upd. 2024-11-21

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mofinetwork Mofi4500 4gxelte

    HW
    Mofinetwork
    wszystkie wersje
  • Mofinetwork Mofi4500 4gxelte Firmware

    OS
    Mofinetwork
    4.1.5-std
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2020-13859CRITICAL9.8ten sam produkt

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, cou...

CVE-2020-15833CRITICAL9.8ten sam produkt

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been m...

CVE-2020-13858CRITICAL9.8ten sam produkt

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two und...

CVE-2020-15836CRITICAL9.8ten sam produkt

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes...

CVE-2020-15834HIGH7.5ten sam produkt

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is e...