PT-2021-9839 · Mofi Network · Mofi4500-4Gxelte
Published: 2021-02-01 · Updated: 2021-02-03 · CVE-2020-15835
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Mofi Network MOFI4500-4GXeLTE version 4.1.5-std
Description
An issue was discovered in the authentication function, which contains undocumented code allowing authentication as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.
Recommendations
For Mofi Network MOFI4500-4GXeLTE version 4.1.5-std, consider disabling remote access to the management interface until a patch is available, to prevent exploitation of the undocumented code in the authentication function. Restrict access to the management interface to minimize the risk of unauthorized root access.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Mofi4500-4Gxelte