Mofinetwork Mofi4500-4gxelte

10 CVEs affecting Mofinetwork Mofi4500-4gxelte. Latest disclosed: 2021-02-01. Critical: 5, High: 5.

Top CVEs affecting Mofinetwork Mofi4500-4gxelte
CVESeverityScorePublishedSummary
CVE-2020-15836Critical9.82021-02-01An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without p…
CVE-2020-15835Critical9.82021-02-01An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to…
CVE-2020-15833Critical9.82021-02-01An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to…
CVE-2020-13859Critical9.82021-02-01An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Confi…
CVE-2020-13858Critical9.82021-02-01An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mo…
CVE-2020-15834High7.52021-02-01An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenti…
CVE-2020-15832High7.52021-02-01An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotel…
CVE-2020-13860High7.52021-02-01An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generat…
CVE-2020-13857High7.52021-02-01An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET…
CVE-2020-13856High7.52021-02-01An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive…