CVE-2020-13856

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
mofinetworkmofi4500-4gxelte_firmware
4.0.8-std
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://mofinetwork.com/index.php?main_page=page&id=14
https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/
https://mofinetwork.com/index.php?main_page=page&id=14
https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/