Vulnerabilities > Indionetworks > Unibox U500 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2021-04-09 CVE-2020-21884 Cross-Site Request Forgery (CSRF) vulnerability in Indionetworks products
Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device.
network
low complexity
indionetworks CWE-352
8.8
8.8
2021-04-09 CVE-2020-21883 OS Command Injection vulnerability in Indionetworks products
Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover.
network
low complexity
indionetworks CWE-78
8.8
8.8