Details of VAR-202102-0156

ID

VAR-202102-0156

CVE

CVE-2020-15832

TITLE

Mofi Network MOFI4500-4GXeLTE remote restart backdoor vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-13968

DESCRIPTION

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device. Mofi Network MOFI4500-4GXeLTE is a wireless router of Mofi Network Company

Trust: 1.53

sources: NVD: CVE-2020-15832 // CNVD: CNVD-2021-13968 // VULMON: CVE-2020-15832

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-13968

AFFECTED PRODUCTS

vendor:	mofinetwork	model:	mofi4500-4gxelte	scope:	eq	version:	4.1.5-std	Trust: 1.0
vendor:	mofi	model:	network mofi4500-4gxelte 4.1.5-std	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-13968 // NVD: CVE-2020-15832

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-15832
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-13968
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202101-2608
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-15832
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-15832
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-13968
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-15832
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-13968 // VULMON: CVE-2020-15832 // CNNVD: CNNVD-202101-2608 // NVD: CVE-2020-15832

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-15832

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-2608

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-2608

PATCH

title:	Patch for Mofi Network MOFI4500-4GXeLTE remote restart backdoor vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/250456	Trust: 0.6
title:	Mofi Network MOFI4500-4GXeLTE Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140639	Trust: 0.6

sources: CNVD: CNVD-2021-13968 // CNNVD: CNNVD-202101-2608

EXTERNAL IDS

db:	NVD	id:	CVE-2020-15832	Trust: 2.3
db:	CNVD	id:	CNVD-2021-13968	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-2608	Trust: 0.6
db:	VULMON	id:	CVE-2020-15832	Trust: 0.1

sources: CNVD: CNVD-2021-13968 // VULMON: CVE-2020-15832 // CNNVD: CNNVD-202101-2608 // NVD: CVE-2020-15832

REFERENCES

url:	https://mofinetwork.com/index.php?main_page=page&id=14	Trust: 1.7
url:	https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15832	Trust: 1.2
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-13968 // VULMON: CVE-2020-15832 // CNNVD: CNNVD-202101-2608 // NVD: CVE-2020-15832

SOURCES

db:	CNVD	id:	CNVD-2021-13968
db:	VULMON	id:	CVE-2020-15832
db:	CNNVD	id:	CNNVD-202101-2608
db:	NVD	id:	CVE-2020-15832

LAST UPDATE DATE

2024-11-23T22:44:17.122000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-13968	date:	2021-03-03T00:00:00
db:	VULMON	id:	CVE-2020-15832	date:	2021-02-04T00:00:00
db:	CNNVD	id:	CNNVD-202101-2608	date:	2021-02-09T00:00:00
db:	NVD	id:	CVE-2020-15832	date:	2024-11-21T05:06:16.740

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-13968	date:	2021-03-03T00:00:00
db:	VULMON	id:	CVE-2020-15832	date:	2021-02-01T00:00:00
db:	CNNVD	id:	CNNVD-202101-2608	date:	2021-01-31T00:00:00
db:	NVD	id:	CVE-2020-15832	date:	2021-02-01T02:15:14.927