CVE-2020-8171 - Vulnerability Details

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.06929.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

AirMax AirOS for TI, XW and XM boards

affected

Version	Status	Constraints
`Affected firmware versions are v6.2.0 and prior`	affected	—
`Fixed firmware version v6.3.0`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:ui:airos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:ui:ag-hp-2g16:-:::::::*
	cpe:2.3:h:ui:ag-hp-2g20:-:::::::*
	cpe:2.3:h:ui:ag-hp-5g23:-:::::::*
	cpe:2.3:h:ui:ag-hp-5g27:-:::::::*
	cpe:2.3:h:ui:airgrid_m:-:::::::*
	cpe:2.3:h:ui:airgrid_m2:-:::::::*
	cpe:2.3:h:ui:airgrid_m5:-:::::::*
	cpe:2.3:h:ui:ar:-:::::::*
	cpe:2.3:h:ui:ar-hp:-:::::::*
	cpe:2.3:h:ui:bm2-ti:-:::::::*
	cpe:2.3:h:ui:bm2hp:-:::::::*
	cpe:2.3:h:ui:bm5-ti:-:::::::*
	cpe:2.3:h:ui:bm5hp:-:::::::*
	cpe:2.3:h:ui:is-m5:-:::::::*
	cpe:2.3:h:ui:lbem5-23:-:::::::*
	cpe:2.3:h:ui:litestation_m5:-:::::::*
	cpe:2.3:h:ui:locom2:-:::::::*
	cpe:2.3:h:ui:locom5:-:::::::*
	cpe:2.3:h:ui:locom9:-:::::::*
	cpe:2.3:h:ui:m2:-:::::::*
	cpe:2.3:h:ui:m3:-:::::::*
	cpe:2.3:h:ui:m365:-:::::::*
	cpe:2.3:h:ui:m5:-:::::::*
	cpe:2.3:h:ui:m900:-:::::::*
	cpe:2.3:h:ui:nb-2g18:-:::::::*
	cpe:2.3:h:ui:nb-5g22:-:::::::*
	cpe:2.3:h:ui:nb-5g25:-:::::::*
	cpe:2.3:h:ui:nbe-m2-13:-:::::::*
	cpe:2.3:h:ui:nbe-m5-16:-:::::::*
	cpe:2.3:h:ui:nbe-m5-19:-:::::::*
	cpe:2.3:h:ui:nbm3:-:::::::*
	cpe:2.3:h:ui:nbm365:-:::::::*
	cpe:2.3:h:ui:nbm9:-:::::::*
	cpe:2.3:h:ui:nsm2:-:::::::*
	cpe:2.3:h:ui:nsm3:-:::::::*
	cpe:2.3:h:ui:nsm365:-:::::::*
	cpe:2.3:h:ui:nsm5:-:::::::*
	cpe:2.3:h:ui:pbe-m2-400:-:::::::*
	cpe:2.3:h:ui:pbe-m5-300:-:::::::*
	cpe:2.3:h:ui:pbe-m5-300-iso:-:::::::*
	cpe:2.3:h:ui:pbe-m5-400:-:::::::*
	cpe:2.3:h:ui:pbe-m5-400-iso:-:::::::*
	cpe:2.3:h:ui:pbe-m5-620:-:::::::*
	cpe:2.3:h:ui:pbm10:-:::::::*
	cpe:2.3:h:ui:pbm365:-:::::::*
	cpe:2.3:h:ui:pbm5:-:::::::*
	cpe:2.3:h:ui:picom2hp:-:::::::*
	cpe:2.3:h:ui:power_ap_n:-:::::::*
	cpe:2.3:h:ui:rm2-ti:-:::::::*
	cpe:2.3:h:ui:rm5-ti:-:::::::*

No data.

Project Subscriptions

Vendors	Products
Ui Subscribe	Ag-hp-2g16 Subscribe Ag-hp-2g20 Subscribe Ag-hp-5g23 Subscribe Ag-hp-5g27 Subscribe Airgrid M Subscribe Airgrid M2 Subscribe Airgrid M5 Subscribe Airos Subscribe Ar Subscribe Ar-hp Subscribe Bm2-ti Subscribe Bm2hp Subscribe Bm5-ti Subscribe Bm5hp Subscribe Is-m5 Subscribe Lbem5-23 Subscribe Litestation M5 Subscribe Locom2 Subscribe Locom5 Subscribe Locom9 Subscribe M2 Subscribe M3 Subscribe M365 Subscribe M5 Subscribe M900 Subscribe Nb-2g18 Subscribe Nb-5g22 Subscribe Nb-5g25 Subscribe Nbe-m2-13 Subscribe Nbe-m5-16 Subscribe Nbe-m5-19 Subscribe Nbm3 Subscribe Nbm365 Subscribe Nbm9 Subscribe Nsm2 Subscribe Nsm3 Subscribe Nsm365 Subscribe Nsm5 Subscribe Pbe-m2-400 Subscribe Pbe-m5-300 Subscribe Pbe-m5-300-iso Subscribe Pbe-m5-400 Subscribe Pbe-m5-400-iso Subscribe Pbe-m5-620 Subscribe Pbm10 Subscribe Pbm365 Subscribe Pbm5 Subscribe Picom2hp Subscribe Power Ap N Subscribe Rm2-ti Subscribe Rm5-ti Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2020-29055	We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://community.ui.com/releases/Security-advisory-bulletin-011-011/d0d411a5-6dcb-4988-9709-d57f50957261
https://community.ui.com/releases/airMAX-M-v6-3-0/c8d5dec9-4030-4d7e-b23f-6a5b35ed3d83
https://www.ui.com/download/airmax-m

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2020-05-26T15:40:53

Updated: 2024-08-04T09:56:26.875Z

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8171

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-05-26T16:15:12.867

Modified: 2024-11-21T05:38:25.893

Link: CVE-2020-8171

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object