CVE-2020-8171
Published May 26, 2020
Last updated 4 years ago
Overview
- Description
- We have recently released a new version of AirMax AirOS firmware, v6.3.0, for TI, XW and XM boards that fixes vulnerabilities found in AirMax AirOS v6.2.0 and prior on TI, XW and XM boards, as described below: Certain endpoints contain functionality that is vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution. Mitigation: Update to the latest AirMax AirOS firmware version available at the AirMax download page.
- Source
- support@hackerone.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:ui:airos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14775C80-4FEC-4AB7-84B5-37D904D3C5E9", "versionEndIncluding": "6.2.0" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:ui:ag-hp-2g16:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "09CFCDF4-4777-4396-8A21-54E88112FBA7" }, { "criteria": "cpe:2.3:h:ui:ag-hp-2g20:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "76C8F76F-96C6-4CCB-B074-F480536BE1B7" }, { "criteria": "cpe:2.3:h:ui:ag-hp-5g23:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B99DB5B8-2B06-4927-AC18-8335837D8DC8" }, { "criteria": "cpe:2.3:h:ui:ag-hp-5g27:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "29997A9C-F7FE-4362-BDD7-1261D9E60C4B" }, { "criteria": "cpe:2.3:h:ui:airgrid_m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "30B67CE7-583F-47ED-9A5C-8AC3B80E9676" }, { "criteria": "cpe:2.3:h:ui:airgrid_m2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BC9D7AA9-C3B9-4B8D-9D5B-B7725240A842" }, { "criteria": "cpe:2.3:h:ui:airgrid_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0821D3FE-4778-4250-B5F1-B2F7840D0131" }, { "criteria": "cpe:2.3:h:ui:ar:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FF3DBAF1-F619-42A9-9312-091448E7EB8D" }, { "criteria": "cpe:2.3:h:ui:ar-hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FB79B749-7D3E-40D0-ADB0-BC390DA14216" }, { "criteria": "cpe:2.3:h:ui:bm2-ti:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06558E9A-B576-4796-A3A2-66358AD0BFB7" }, { "criteria": "cpe:2.3:h:ui:bm2hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CFBA6127-C454-4765-8CD1-CDB6E4D6938A" }, { "criteria": "cpe:2.3:h:ui:bm5-ti:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2040040E-BBB5-4033-80E5-67E0A0E32723" }, { "criteria": "cpe:2.3:h:ui:bm5hp:-:*:*:*:*:*:*:*", "vulnerable": false, 
"matchCriteriaId": "5667A48D-C588-454B-A28A-319BE5095276" }, { "criteria": "cpe:2.3:h:ui:is-m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A9170187-5D7F-4215-82F5-7E902319E8CC" }, { "criteria": "cpe:2.3:h:ui:lbem5-23:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "87195838-3C00-4C1B-9BC5-45D1C32C9548" }, { "criteria": "cpe:2.3:h:ui:litestation_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "029185BF-E059-4BAB-BA25-D13C3554038D" }, { "criteria": "cpe:2.3:h:ui:locom2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4EFFCEBE-7010-4A4E-ADAE-509C96594899" }, { "criteria": "cpe:2.3:h:ui:locom5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4CA0F426-8CF7-4D1E-BE3A-1012310F1B8D" }, { "criteria": "cpe:2.3:h:ui:locom9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "21BE866D-67DE-4A7A-9C61-31A38B8DCBBE" }, { "criteria": "cpe:2.3:h:ui:m2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1EF74FCA-58EC-4A1C-9475-000BABAFA671" }, { "criteria": "cpe:2.3:h:ui:m3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "351BA7A6-9750-492F-9484-2BA1784A1A97" }, { "criteria": "cpe:2.3:h:ui:m365:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CC237BF9-5FEA-419F-9316-F49E74C398E3" }, { "criteria": "cpe:2.3:h:ui:m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E3F11676-04AE-441A-BAAC-7E22BCB4F421" }, { "criteria": "cpe:2.3:h:ui:m900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "084665F4-7125-486E-8184-29B434715E02" }, { "criteria": "cpe:2.3:h:ui:nb-2g18:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "671747BF-2AB5-420A-A5C8-5D33EE2216C9" }, { "criteria": "cpe:2.3:h:ui:nb-5g22:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B606C57E-13BB-4EA8-B832-060E6DEE3FB1" }, { "criteria": "cpe:2.3:h:ui:nb-5g25:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6B8E6E7B-9FC6-429E-9A63-CDCC62A4CA1E" }, { "criteria": 
"cpe:2.3:h:ui:nbe-m2-13:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "683210F2-F96B-47F8-B796-EA04BE5C9D0D" }, { "criteria": "cpe:2.3:h:ui:nbe-m5-16:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3CF4614F-3862-4000-B95E-2E2343DA0BED" }, { "criteria": "cpe:2.3:h:ui:nbe-m5-19:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B5BB0AFA-A398-4D32-AAA3-0525057C35ED" }, { "criteria": "cpe:2.3:h:ui:nbm3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "70830B87-C7D2-4812-874F-5EDCC14B2B99" }, { "criteria": "cpe:2.3:h:ui:nbm365:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06768237-EB1E-4CE1-8813-15BFE87EDE43" }, { "criteria": "cpe:2.3:h:ui:nbm9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FAE21B65-33B4-4DF4-8704-ECFB9E07B9C6" }, { "criteria": "cpe:2.3:h:ui:nsm2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7794C8C4-B809-4D82-951E-F91ECA5D3304" }, { "criteria": "cpe:2.3:h:ui:nsm3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "84F0CF44-D51A-40DF-8F78-CD78D5B8F1DC" }, { "criteria": "cpe:2.3:h:ui:nsm365:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "150ECFE9-F8E0-4578-898D-CC26DCFDB6B7" }, { "criteria": "cpe:2.3:h:ui:nsm5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6CFA8BF7-4437-42E4-87A7-F1561F5AA24F" }, { "criteria": "cpe:2.3:h:ui:pbe-m2-400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2D981713-2759-46D0-9649-B8F6C565DE9B" }, { "criteria": "cpe:2.3:h:ui:pbe-m5-300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "970B38DC-A7E8-4BB1-83B2-8F8D00A5D5ED" }, { "criteria": "cpe:2.3:h:ui:pbe-m5-300-iso:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D66A12E4-1301-4C98-BA91-F216D3860EE6" }, { "criteria": "cpe:2.3:h:ui:pbe-m5-400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F413748F-5F99-459C-8A0D-A7D0EDC94032" }, { "criteria": "cpe:2.3:h:ui:pbe-m5-400-iso:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": 
"1EE7EAF6-0FE8-4BE7-9A15-F6E01040FE4B" }, { "criteria": "cpe:2.3:h:ui:pbe-m5-620:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CC32A168-2724-4AB2-8798-3044343A7B88" }, { "criteria": "cpe:2.3:h:ui:pbm10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "250DE236-A85C-45CF-9FC2-05BE148C1349" }, { "criteria": "cpe:2.3:h:ui:pbm365:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8CEDBB81-A3A0-4986-8D8B-63B168700684" }, { "criteria": "cpe:2.3:h:ui:pbm5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B3EEDFE5-4E73-4E49-8FD3-5178111ED0DA" }, { "criteria": "cpe:2.3:h:ui:picom2hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E28F153F-4105-46A0-9DF7-E627466324D5" }, { "criteria": "cpe:2.3:h:ui:power_ap_n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6C85C7A4-9522-4661-9E6C-A539D1DAAC91" }, { "criteria": "cpe:2.3:h:ui:rm2-ti:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80DD9F0F-C2C7-4CEE-A4DD-CF3A08822332" }, { "criteria": "cpe:2.3:h:ui:rm5-ti:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E57458C1-27D4-49E2-995F-E1E0F1868677" } ], "operator": "OR" } ], "operator": "AND" } ]