GCVE - cpe:2.3:o:indionetworks:unibox_u500

Approved changes feed: RSS · Atom

cpe:2.3:o:indionetworks:unibox_u500_firmware:2.4:*:*:*:*:*:*:*

part: o version: 2.4 update: *

Vendor	Indionetworks (`983f2484-d69d-5b9a-a07d-e9cf37d14eb2`)
Product	Unibox U500 Firmware (`2646433b-f193-5a04-840d-6f9e13f0dacb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-21884`	vulnerable	2026-06-08 05:22:31.093984	Details available Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device. Published: 2021-04-09T12:19:18.000Z Updated: 2024-08-04T14:30:33.783Z Open on db.gcve.eu Reference links http://wifi-soft.com https://s3curityb3ast.github.io/KSA-Dev-008.txt https://www.mail-archive.com/fulldisclosure%40seclists.org/msg07139.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-21883`	vulnerable	2026-06-08 05:22:31.087604	Details available Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover. Published: 2021-04-09T12:19:12.000Z Updated: 2024-08-04T14:30:33.744Z Open on db.gcve.eu Reference links http://wifi-soft.com https://s3curityb3ast.github.io/KSA-Dev-009.txt https://www.mail-archive.com/fulldisclosure%40seclists.org/msg07140.html	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.