Approved changes feed: RSS · Atom

cpe:2.3:o:mimosa:b5_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

VendorMimosa (580b69ae-5f1f-5522-a421-faa6c9bac317)
ProductB5 Firmware (2d992b3e-5469-56d2-b2f9-f9bd5c6e8fba)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2020-25206 vulnerable 2026-06-08 05:22:36.438320 Details available
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). This results in the complete takeover of the vulnerable device. This vulnerability does not occur in the older 1.5.x firmware versions.
Published: 2021-07-20T18:45:29.000Z
Updated: 2024-08-04T15:33:04.373Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-25205 vulnerable 2026-06-08 05:22:36.434142 Details available
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain arbitrary JavaScript. The file contents are then used as part of a welcome/banner message presented to unauthenticated users who visit the login page for the web console. This vulnerability does not occur in the older 1.5.x firmware versions.
Published: 2021-07-20T18:45:21.000Z
Updated: 2024-08-04T15:33:04.419Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.