Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). This results in the complete takeover of the vulnerable device. This vulnerability does not occur in the older 1.5.x firmware versions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mimosa B5 操作系统命令注入漏洞
Vulnerability Description
Mimosa B5是mimosa的网络设备Mimosa B5 回程是最容易部署且容量最高的未授权 5 GHz 回程解决方案,适用于中短程链路应用。 Mimosa B5、B5c存在安全漏洞,该漏洞允许在吞吐量、WANStats、PhyStats和QosStats API类中通过身份验证的命令注入。
CVSS Information
N/A
Vulnerability Type
N/A