CVE-2020-25206

Description

The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). This results in the complete takeover of the vulnerable device. This vulnerability does not occur in the older 1.5.x firmware versions.

Related CPE's

o mimosa b5_firmware ********

h mimosa b5 -*******

o mimosa b5c_firmware ********

h mimosa b5c -*******

o mimosa c5c_firmware ********

h mimosa c5c -*******

References

https://labs.f-secure.com/advisories/

Third Party Advisory

https://labs.f-secure.com/advisories/mimosa-ptp-devices-multiple-vulnerabilities/

ExploitThird Party Advisory

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	HIGH
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	NETWORK
AvailabilityImpact	HIGH
IntegrityImpact	HIGH
PrivilegesRequired	HIGH
BaseScore	7.2
VectorString	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	COMPLETE
AvailabilityImpact	COMPLETE
IntegrityImpact	COMPLETE
BaseScore	9
VectorString	AV:N/AC:L/Au:S/C:C/I:C/A:C
Version	2.0
AccessVector	NETWORK
Authentication	SINGLE

Created by Yello

About Severity.io