CVE-2020-13859

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mofinetwork:mofi4500-4gxelte_firmware:4.0.8-std:*:*:*:*:*:*:*
cpe:2.3:h:mofinetwork:mofi4500-4gxelte:-:*:*:*:*:*:*:*

Information

Published : 2021-01-31 18:15

Updated : 2021-07-21 04:39


NVD link : CVE-2020-13859

Mitre link : CVE-2020-13859


JSON object : View

CWE
CWE-287

Improper Authentication

CWE-755

Improper Handling of Exceptional Conditions

Advertisement

dedicated server usa

Products Affected

mofinetwork

  • mofi4500-4gxelte_firmware
  • mofi4500-4gxelte