Mimosa B5C Firmware vulnerabilities
2 known vulnerabilities affecting mimosa/b5c_firmware.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2020-25206 | P1 | HIGH | CVSS 7.2 | CWE-78 | Exploited | ≥ 1.5.2, < 2.8.1.0 | 2021-07-20
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/call
nvd
CVE-2020-25205 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 2.8.0.3 | 2021-07-20
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain arbitrary JavaScript. The file contents are then used as p
nvd