Login
Start Free Trial
Research Center
CVE-2020-21883 Research Center

CVE-2020-21883

Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover.

  • 8.8 critical severity

  • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  • 09/04/2021

Operating Systems 5

Un

Unibox U50 Firmware

by Indionetworks

1 Version

a year ago

Un

Unibox U500 Firmware

by Indionetworks

1 Version

a year ago

Un

Unibox U1000 Firmware

by Indionetworks

1 Version

a year ago

Un

Unibox U2500 Firmware

by Indionetworks

1 Version

a year ago

Un

Unibox U5000 Firmware

by Indionetworks

1 Version

a year ago

Vulnerability Categories 1

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

xTags 5

#easy_to_exploit
#known_vulnerability
#confidentiality_impact_if_exploited
#integrity_impact_if_exploited
#availability_impact_if_exploited

Advisory Links 3

http://wifi-soft.com
https://s3curityb3ast.github.io/KSA-Dev-009.txt
https://www.mail-archive.com/fulldisclosure@seclists.org/msg07140.html
http://www.vicarius.io is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the Website is purely for informational, and educational purposes and should be independently verified and confirmed. Vicarius does not accept any liability for any loss or damage whatsoever caused in reliance upon such information or services. No statements or information presented in any form by Vicarius is intended as fact, and you agree that you will not consider the statements or information presented on the Website as fact or as a guarantee of performance.

Related CVEs

Security Research Topics

By Jenny R
Aug 14, 2022

Session Management Attacks - Part two

This article is the second part of the Session Management topic. The focus is on prevention practices, with one particular example of inactivity timer implementation!
By Wilson Corbett
Aug 12, 2022

Vulnerability Scanners 101: The Basics of Vulnerability Scanning

Storing data on an organization’s network is not an easy feat. Companies want their network as secure as possible, identifying loopholes and weak points to uncover and address vulnerabilities that cyber attackers can exploit. This need for protection is where Vulnerability Scanners enter the picture.
By Kent Weigle
Aug 12, 2022

CISAnalysis 12 August 2022

Zimbra Collaboration is back on CISA's shi... I mean Known Exploited Vulnerabilities Catalog. Today's theme is remote code execution without authentication.
By acephale 4w
Aug 12, 2022

Cybersecurity Awareness

Most common types of attacks. Social engineering, phishing. Ransomware.
By Paul Lighter
Aug 12, 2022

The UK’s Interesting (and Important) Strategy for National Cybersecurity

As cybersecurity increasingly becomes a national security issue, the UK approach stands out for several reasons that everyone (public and private sectors) can learn from.
last_chanse_02.png

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 30-day trial
Get a Demo
Start Free Trial!