PT-2020-19997 · Ubiquiti · Airmax Airos

Published: 2020-05-26 · Updated: 2020-05-28 · CVE-2020-8168

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AirMax AirOS versions prior to 6.3.0

Description

The issue allows attackers to abuse multiple endpoints that are not protected against cross-site request forgery (CSRF). As a result, authenticated users can be persuaded to visit malicious web pages, which enables attackers to perform arbitrary actions. These actions include downgrading the device's firmware to older versions, modifying configuration, uploading arbitrary firmware, and exfiltrating files and tokens.

Recommendations

Update to the latest AirMax AirOS firmware version available at the AirMax download page.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2020-8168

Affected Products

Airmax Airos