CVE-2020-8171

Published May 26, 2020

Last updated 3 months ago

CVSS critical 9.8

Overview

Description: We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.
Source: support@hackerone.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

support@hackerone.com: CWE-77
nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:airos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14775C80-4FEC-4AB7-84B5-37D904D3C5E9",
            "versionEndIncluding": "6.2.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:ag-hp-2g16:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "09CFCDF4-4777-4396-8A21-54E88112FBA7"
          },
          {
            "criteria": "cpe:2.3:h:ui:ag-hp-2g20:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "76C8F76F-96C6-4CCB-B074-F480536BE1B7"
          },
          {
            "criteria": "cpe:2.3:h:ui:ag-hp-5g23:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B99DB5B8-2B06-4927-AC18-8335837D8DC8"
          },
          {
            "criteria": "cpe:2.3:h:ui:ag-hp-5g27:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "29997A9C-F7FE-4362-BDD7-1261D9E60C4B"
          },
          {
            "criteria": "cpe:2.3:h:ui:airgrid_m:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "30B67CE7-583F-47ED-9A5C-8AC3B80E9676"
          },
          {
            "criteria": "cpe:2.3:h:ui:airgrid_m2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BC9D7AA9-C3B9-4B8D-9D5B-B7725240A842"
          },
          {
            "criteria": "cpe:2.3:h:ui:airgrid_m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0821D3FE-4778-4250-B5F1-B2F7840D0131"
          },
          {
            "criteria": "cpe:2.3:h:ui:ar:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF3DBAF1-F619-42A9-9312-091448E7EB8D"
          },
          {
            "criteria": "cpe:2.3:h:ui:ar-hp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FB79B749-7D3E-40D0-ADB0-BC390DA14216"
          },
          {
            "criteria": "cpe:2.3:h:ui:bm2-ti:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "06558E9A-B576-4796-A3A2-66358AD0BFB7"
          },
          {
            "criteria": "cpe:2.3:h:ui:bm2hp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CFBA6127-C454-4765-8CD1-CDB6E4D6938A"
          },
          {
            "criteria": "cpe:2.3:h:ui:bm5-ti:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2040040E-BBB5-4033-80E5-67E0A0E32723"
          },
          {
            "criteria": "cpe:2.3:h:ui:bm5hp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5667A48D-C588-454B-A28A-319BE5095276"
          },
          {
            "criteria": "cpe:2.3:h:ui:is-m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A9170187-5D7F-4215-82F5-7E902319E8CC"
          },
          {
            "criteria": "cpe:2.3:h:ui:lbem5-23:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "87195838-3C00-4C1B-9BC5-45D1C32C9548"
          },
          {
            "criteria": "cpe:2.3:h:ui:litestation_m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "029185BF-E059-4BAB-BA25-D13C3554038D"
          },
          {
            "criteria": "cpe:2.3:h:ui:locom2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4EFFCEBE-7010-4A4E-ADAE-509C96594899"
          },
          {
            "criteria": "cpe:2.3:h:ui:locom5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4CA0F426-8CF7-4D1E-BE3A-1012310F1B8D"
          },
          {
            "criteria": "cpe:2.3:h:ui:locom9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "21BE866D-67DE-4A7A-9C61-31A38B8DCBBE"
          },
          {
            "criteria": "cpe:2.3:h:ui:m2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1EF74FCA-58EC-4A1C-9475-000BABAFA671"
          },
          {
            "criteria": "cpe:2.3:h:ui:m3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "351BA7A6-9750-492F-9484-2BA1784A1A97"
          },
          {
            "criteria": "cpe:2.3:h:ui:m365:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CC237BF9-5FEA-419F-9316-F49E74C398E3"
          },
          {
            "criteria": "cpe:2.3:h:ui:m5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E3F11676-04AE-441A-BAAC-7E22BCB4F421"
          },
          {
            "criteria": "cpe:2.3:h:ui:m900:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "084665F4-7125-486E-8184-29B434715E02"
          },
          {
            "criteria": "cpe:2.3:h:ui:nb-2g18:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "671747BF-2AB5-420A-A5C8-5D33EE2216C9"
          },
          {
            "criteria": "cpe:2.3:h:ui:nb-5g22:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B606C57E-13BB-4EA8-B832-060E6DEE3FB1"
          },
          {
            "criteria": "cpe:2.3:h:ui:nb-5g25:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6B8E6E7B-9FC6-429E-9A63-CDCC62A4CA1E"
          },
          {
            "criteria": "cpe:2.3:h:ui:nbe-m2-13:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "683210F2-F96B-47F8-B796-EA04BE5C9D0D"
          },
          {
            "criteria": "cpe:2.3:h:ui:nbe-m5-16:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3CF4614F-3862-4000-B95E-2E2343DA0BED"
          },
          {
            "criteria": "cpe:2.3:h:ui:nbe-m5-19:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B5BB0AFA-A398-4D32-AAA3-0525057C35ED"
          },
          {
            "criteria": "cpe:2.3:h:ui:nbm3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "70830B87-C7D2-4812-874F-5EDCC14B2B99"
          },
          {
            "criteria": "cpe:2.3:h:ui:nbm365:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "06768237-EB1E-4CE1-8813-15BFE87EDE43"
          },
          {
            "criteria": "cpe:2.3:h:ui:nbm9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FAE21B65-33B4-4DF4-8704-ECFB9E07B9C6"
          },
          {
            "criteria": "cpe:2.3:h:ui:nsm2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7794C8C4-B809-4D82-951E-F91ECA5D3304"
          },
          {
            "criteria": "cpe:2.3:h:ui:nsm3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "84F0CF44-D51A-40DF-8F78-CD78D5B8F1DC"
          },
          {
            "criteria": "cpe:2.3:h:ui:nsm365:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "150ECFE9-F8E0-4578-898D-CC26DCFDB6B7"
          },
          {
            "criteria": "cpe:2.3:h:ui:nsm5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6CFA8BF7-4437-42E4-87A7-F1561F5AA24F"
          },
          {
            "criteria": "cpe:2.3:h:ui:pbe-m2-400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2D981713-2759-46D0-9649-B8F6C565DE9B"
          },
          {
            "criteria": "cpe:2.3:h:ui:pbe-m5-300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "970B38DC-A7E8-4BB1-83B2-8F8D00A5D5ED"
          },
          {
            "criteria": "cpe:2.3:h:ui:pbe-m5-300-iso:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D66A12E4-1301-4C98-BA91-F216D3860EE6"
          },
          {
            "criteria": "cpe:2.3:h:ui:pbe-m5-400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F413748F-5F99-459C-8A0D-A7D0EDC94032"
          },
          {
            "criteria": "cpe:2.3:h:ui:pbe-m5-400-iso:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1EE7EAF6-0FE8-4BE7-9A15-F6E01040FE4B"
          },
          {
            "criteria": "cpe:2.3:h:ui:pbe-m5-620:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CC32A168-2724-4AB2-8798-3044343A7B88"
          },
          {
            "criteria": "cpe:2.3:h:ui:pbm10:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "250DE236-A85C-45CF-9FC2-05BE148C1349"
          },
          {
            "criteria": "cpe:2.3:h:ui:pbm365:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8CEDBB81-A3A0-4986-8D8B-63B168700684"
          },
          {
            "criteria": "cpe:2.3:h:ui:pbm5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B3EEDFE5-4E73-4E49-8FD3-5178111ED0DA"
          },
          {
            "criteria": "cpe:2.3:h:ui:picom2hp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E28F153F-4105-46A0-9DF7-E627466324D5"
          },
          {
            "criteria": "cpe:2.3:h:ui:power_ap_n:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6C85C7A4-9522-4661-9E6C-A539D1DAAC91"
          },
          {
            "criteria": "cpe:2.3:h:ui:rm2-ti:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "80DD9F0F-C2C7-4CEE-A4DD-CF3A08822332"
          },
          {
            "criteria": "cpe:2.3:h:ui:rm5-ti:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E57458C1-27D4-49E2-995F-E1E0F1868677"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References