Approved changes feed: RSS · Atom
cpe:2.3:h:mimosa:b5:-:*:*:*:*:*:*:*
part: h version: - update: *
| Vendor | Mimosa (580b69ae-5f1f-5522-a421-faa6c9bac317) |
|---|---|
| Product | B5 (189c91e2-583c-5e5d-9b12-d861770af006) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-25206 |
not_vulnerable | 2026-06-08 05:22:36.438349 |
Details available
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). This results in the complete takeover of the vulnerable device. This vulnerability does not occur in the older 1.5.x firmware versions.
Published: 2021-07-20T18:45:29.000Z
Updated: 2024-08-04T15:33:04.373Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-25205 |
not_vulnerable | 2026-06-08 05:22:36.434840 |
Details available
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain arbitrary JavaScript. The file contents are then used as part of a welcome/banner message presented to unauthenticated users who visit the login page for the web console. This vulnerability does not occur in the older 1.5.x firmware versions.
Published: 2021-07-20T18:45:21.000Z
Updated: 2024-08-04T15:33:04.419Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.