CVE-2020-25206 - OpenCVE

The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). This results in the complete takeover of the vulnerable device. This vulnerability does not occur in the older 1.5.x firmware versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mimosa	B5 B5 Firmware B5c B5c Firmware C5c C5c Firmware

Configuration 1 [-]

AND

cpe:2.3:h:mimosa:b5:-:*:*:*:*:*:*:*

cpe:2.3:o:mimosa:b5_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:mimosa:b5c:-:*:*:*:*:*:*:*

cpe:2.3:o:mimosa:b5c_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:mimosa:c5c:-:*:*:*:*:*:*:*

cpe:2.3:o:mimosa:c5c_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cwe.mitre.org/data/definitions/78.html
https://labs.f-secure.com/advisories/
https://labs.f-secure.com/advisories/mimosa-ptp-devices-multiple-vulnerabilities/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-07-20T18:45:29

Updated: 2024-08-04T15:33:04.373Z

Reserved: 2020-09-08T00:00:00

Link: CVE-2020-25206

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-07-20T19:15:09.600

Modified: 2022-10-05T16:21:19.297

Link: CVE-2020-25206

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). This results in the complete takeover of the vulnerable device. This vulnerability does not occur in the older 1.5.x firmware versions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-10T20:20:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cwe.mitre.org/data/definitions/78.html"}, {"tags": ["x_refsource_MISC"], "url": "https://labs.f-secure.com/advisories/"}, {"tags": ["x_refsource_MISC"], "url": "https://labs.f-secure.com/advisories/mimosa-ptp-devices-multiple-vulnerabilities/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-25206", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). This results in the complete takeover of the vulnerable device. This vulnerability does not occur in the older 1.5.x firmware versions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://cwe.mitre.org/data/definitions/78.html", "refsource": "MISC", "url": "https://cwe.mitre.org/data/definitions/78.html"}, {"name": "https://labs.f-secure.com/advisories/", "refsource": "MISC", "url": "https://labs.f-secure.com/advisories/"}, {"name": "https://labs.f-secure.com/advisories/mimosa-ptp-devices-multiple-vulnerabilities/", "refsource": "MISC", "url": "https://labs.f-secure.com/advisories/mimosa-ptp-devices-multiple-vulnerabilities/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:33:04.373Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cwe.mitre.org/data/definitions/78.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://labs.f-secure.com/advisories/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://labs.f-secure.com/advisories/mimosa-ptp-devices-multiple-vulnerabilities/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-25206", "datePublished": "2021-07-20T18:45:29", "dateReserved": "2020-09-08T00:00:00", "dateUpdated": "2024-08-04T15:33:04.373Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:mimosa:b5:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB6E4730-E018-43B4-827B-6266EECF81A8", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:mimosa:b5_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E81EF07E-1DEE-454B-B022-48311817322C", "versionEndIncluding": "2.8.0.3", "versionStartIncluding": "1.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:mimosa:b5c:-:*:*:*:*:*:*:*", "matchCriteriaId": "B92406E6-A9B4-4070-B307-C341F770EF43", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:mimosa:b5c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9283F1EB-BE6D-4F53-8398-5C2F3EED9B17", "versionEndExcluding": "2.8.1.0", "versionStartIncluding": "1.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:mimosa:c5c:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2435693-7699-4432-BC83-F31D967E181F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:mimosa:c5c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "405AFB9E-9503-49A5-9705-12990599A79B", "versionEndExcluding": "2.8.1.0", "versionStartIncluding": "1.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). This results in the complete takeover of the vulnerable device. This vulnerability does not occur in the older 1.5.x firmware versions."}, {"lang": "es", "value": "La consola web para el firmware Mimosa B5, B5c y C5x versiones hasta 2.8.0.2, permite una inyecci\u00f3n de comandos autenticados en las clases API Throughput, WANStats, PhyStats y QosStats. Un atacante con acceso a una cuenta de consola web puede ejecutar comandos del sistema operativo en los dispositivos afectados mediante el env\u00edo de peticiones POST dise\u00f1adas a los endpoints afectados (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). El resultado es la toma completa del dispositivo vulnerable. Esta vulnerabilidad no ocurre en las versiones de firmware 1.5.x m\u00e1s antiguas"}], "id": "CVE-2020-25206", "lastModified": "2022-10-05T16:21:19.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-20T19:15:09.600", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cwe.mitre.org/data/definitions/78.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://labs.f-secure.com/advisories/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://labs.f-secure.com/advisories/mimosa-ptp-devices-multiple-vulnerabilities/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}