CVE-2020-8170 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2020-8170

Analyzed

More Info Official Page

Source-support@hackerone.com

Published At-26 May, 2020 | 16:15

Updated At-28 May, 2020 | 20:03

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Multiple end-points with parameters vulnerable to reflected cross site scripting (XSS), allowing attackers to abuse the user' session information and/or account takeover of the admin user.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

>>ag-hp-2g16>>-

cpe:2.3:h:ui:ag-hp-2g16:-:*:*:*:*:*:*:*

>>ag-hp-2g20>>-

cpe:2.3:h:ui:ag-hp-2g20:-:*:*:*:*:*:*:*

>>ag-hp-5g23>>-

cpe:2.3:h:ui:ag-hp-5g23:-:*:*:*:*:*:*:*

>>ag-hp-5g27>>-

cpe:2.3:h:ui:ag-hp-5g27:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:airgrid_m:-:*:*:*:*:*:*:*

>>airgrid_m2>>-

cpe:2.3:h:ui:airgrid_m2:-:*:*:*:*:*:*:*

>>airgrid_m5>>-

cpe:2.3:h:ui:airgrid_m5:-:*:*:*:*:*:*:*

>>ar>>-

cpe:2.3:h:ui:ar:-:*:*:*:*:*:*:*

>>ar-hp>>-

cpe:2.3:h:ui:ar-hp:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:bm2-ti:-:*:*:*:*:*:*:*

>>bm2hp>>-

cpe:2.3:h:ui:bm2hp:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:bm5-ti:-:*:*:*:*:*:*:*

>>bm5hp>>-

cpe:2.3:h:ui:bm5hp:-:*:*:*:*:*:*:*

>>is-m5>>-

cpe:2.3:h:ui:is-m5:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:lbem5-23:-:*:*:*:*:*:*:*

>>litestation_m5>>-

cpe:2.3:h:ui:litestation_m5:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:locom2:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:locom5:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:locom9:-:*:*:*:*:*:*:*

>>m2>>-

cpe:2.3:h:ui:m2:-:*:*:*:*:*:*:*

>>m3>>-

cpe:2.3:h:ui:m3:-:*:*:*:*:*:*:*

>>m365>>-

cpe:2.3:h:ui:m365:-:*:*:*:*:*:*:*

>>m5>>-

cpe:2.3:h:ui:m5:-:*:*:*:*:*:*:*

>>m900>>-

cpe:2.3:h:ui:m900:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:nb-2g18:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:nb-5g22:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:nb-5g25:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:nbe-m2-13:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:nbe-m5-16:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:nbe-m5-19:-:*:*:*:*:*:*:*

>>nbm3>>-

cpe:2.3:h:ui:nbm3:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:nbm365:-:*:*:*:*:*:*:*

>>nbm9>>-

cpe:2.3:h:ui:nbm9:-:*:*:*:*:*:*:*

>>nsm2>>-

cpe:2.3:h:ui:nsm2:-:*:*:*:*:*:*:*

>>nsm3>>-

cpe:2.3:h:ui:nsm3:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:nsm365:-:*:*:*:*:*:*:*

>>nsm5>>-

cpe:2.3:h:ui:nsm5:-:*:*:*:*:*:*:*

>>pbe-m2-400>>-

cpe:2.3:h:ui:pbe-m2-400:-:*:*:*:*:*:*:*

>>pbe-m5-300>>-

cpe:2.3:h:ui:pbe-m5-300:-:*:*:*:*:*:*:*

>>pbe-m5-300-iso>>-

cpe:2.3:h:ui:pbe-m5-300-iso:-:*:*:*:*:*:*:*

>>pbe-m5-400>>-

cpe:2.3:h:ui:pbe-m5-400:-:*:*:*:*:*:*:*

>>pbe-m5-400-iso>>-

cpe:2.3:h:ui:pbe-m5-400-iso:-:*:*:*:*:*:*:*

>>pbe-m5-620>>-

cpe:2.3:h:ui:pbe-m5-620:-:*:*:*:*:*:*:*

>>pbm10>>-

cpe:2.3:h:ui:pbm10:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:pbm365:-:*:*:*:*:*:*:*

>>pbm5>>-

cpe:2.3:h:ui:pbm5:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:picom2hp:-:*:*:*:*:*:*:*

>>power_ap_n>>-

cpe:2.3:h:ui:power_ap_n:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:rm2-ti:-:*:*:*:*:*:*:*

cpe:2.3:h:ui:rm5-ti:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov
CWE-79	Secondary	support@hackerone.com

References

Hyperlink	Source	Resource
https://community.ui.com/releases/Security-advisory-bulletin-010-010/36a8448a-7dbf-4d30-bb54-398c44591dd4	support@hackerone.com	Vendor Advisory
https://community.ui.com/releases/airMAX-M-v6-3-0/c8d5dec9-4030-4d7e-b23f-6a5b35ed3d83	support@hackerone.com	Vendor Advisory
https://www.ui.com/download/airmax-m	support@hackerone.com	Release Notes Third Party Advisory