|
211111
|
9.8 |
CRITICAL
Network
|
mofinetwork
|
mofi4500-4gxelte_firmware
|
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the…
|
CWE-287
CWE-755
Improper Authentication
Improper Handling of Exceptional Conditions
|
CVE-2020-13859
|
2024-11-21 14:02 |
2021-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211112
|
9.8 |
CRITICAL
Network
|
mofinetwork
|
mofi4500-4gxelte_firmware
|
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passw…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-13858
|
2024-11-21 14:02 |
2021-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211113
|
7.5 |
HIGH
Network
|
mofinetwork
|
mofi4500-4gxelte_firmware
|
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request.
|
NVD-CWE-noinfo
|
CVE-2020-13857
|
2024-11-21 14:02 |
2021-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211114
|
7.5 |
HIGH
Network
|
mofinetwork
|
mofi4500-4gxelte_firmware
|
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentia…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-13856
|
2024-11-21 14:02 |
2021-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211115
|
7.2 |
HIGH
Network
|
mi
|
ax1800_firmware
rm1800_firmware
|
There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and…
|
CWE-77
Command Injection
|
CVE-2020-14102
|
2024-11-21 14:02 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211116
|
7.5 |
HIGH
Network
|
mi
|
ax1800_firmware
rm1800_firmware
|
The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
|
NVD-CWE-noinfo
|
CVE-2020-14101
|
2024-11-21 14:02 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211117
|
7.5 |
HIGH
Network
|
mi
|
ax1800_firmware
rm1800_firmware
|
The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800…
|
CWE-662
Improper Synchronization
|
CVE-2020-14098
|
2024-11-21 14:02 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211118
|
7.5 |
HIGH
Network
|
mi
|
redmi_ax6_firmware
|
Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version < 1.0.18.
|
NVD-CWE-noinfo
|
CVE-2020-14097
|
2024-11-21 14:02 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211119
|
9.8 |
CRITICAL
Network
|
hcltechsw
|
hcl_commerce
|
Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unau…
|
NVD-CWE-noinfo
|
CVE-2020-14275
|
2024-11-21 14:02 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211120
|
7.5 |
HIGH
Network
|
hcltechsw
|
hcl_commerce
|
Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2020-14274
|
2024-11-21 14:02 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
