Vulnerabilities > CVE-2020-15836 - Unspecified vulnerability in Mofinetwork Mofi4500-4Gxelte Firmware 4.1.5Std

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

mofinetwork

critical

NVD

Published: 2021-02-01

Updated: 2021-02-03

Summary

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root.

Vulnerable Configurations

Part	Description	Count
OS	Mofinetwork Mofinetwork Mofi4500 4Gxelte Firmware 4.1.5-Std	1
Hardware	Mofinetwork Mofinetwork Mofi4500 4Gxelte -	1

References

https://mofinetwork.com/index.php?main_page=page&id=14
https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/