Mofinetwork Mofi4500-4gxelte
10 CVEs affecting Mofinetwork Mofi4500-4gxelte. Latest disclosed: 2021-02-01. Critical: 5, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-15836 | Critical | 9.8 | 2021-02-01 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without p… |
CVE-2020-15835 | Critical | 9.8 | 2021-02-01 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to… |
CVE-2020-15833 | Critical | 9.8 | 2021-02-01 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to… |
CVE-2020-13859 | Critical | 9.8 | 2021-02-01 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Confi… |
CVE-2020-13858 | Critical | 9.8 | 2021-02-01 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mo… |
CVE-2020-15834 | High | 7.5 | 2021-02-01 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenti… |
CVE-2020-15832 | High | 7.5 | 2021-02-01 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotel… |
CVE-2020-13860 | High | 7.5 | 2021-02-01 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generat… |
CVE-2020-13857 | High | 7.5 | 2021-02-01 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET… |
CVE-2020-13856 | High | 7.5 | 2021-02-01 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive… |