← Back

CVE-2020-8170

nvd nist
Published: May 26, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Multiple end-points with parameters vulnerable to reflected cross site scripting (XSS), allowing attackers to abuse the user' session information and/or account takeover of the admin user.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.

Affected (1)

Products: Ui: Airos
Ui
1 product
Airos
Configuration A
1 vulnerable · 50 platform
Vulnerable SoftwareAffected Versions
Airos
Up to 6.2.0
Running on/withPlatform Versions
Ui
Ag Hp 2g16
All versions
Ui
Ag Hp 2g20
All versions
Ui
Ag Hp 5g23
All versions
Ui
Ag Hp 5g27
All versions
Ui
Airgrid M
All versions
Ui
Airgrid M2
All versions
Ui
Airgrid M5
All versions
Ui
Ar
All versions
Ui
Ar Hp
All versions
Ui
Bm2 Ti
All versions
Ui
Bm2hp
All versions
Ui
Bm5 Ti
All versions
Ui
Bm5hp
All versions
Ui
Is M5
All versions
Ui
Lbem5 23
All versions
Ui
Litestation M5
All versions
Ui
Locom2
All versions
Ui
Locom5
All versions
Ui
Locom9
All versions
Ui
M2
All versions
Ui
M3
All versions
Ui
M365
All versions
Ui
M5
All versions
Ui
M900
All versions
Ui
Nb 2g18
All versions
Ui
Nb 5g22
All versions
Ui
Nb 5g25
All versions
Ui
Nbe M2 13
All versions
Ui
Nbe M5 16
All versions
Ui
Nbe M5 19
All versions
Ui
Nbm3
All versions
Ui
Nbm365
All versions
Ui
Nbm9
All versions
Ui
Nsm2
All versions
Ui
Nsm3
All versions
Ui
Nsm365
All versions
Ui
Nsm5
All versions
Ui
Pbe M2 400
All versions
Ui
Pbe M5 300
All versions
Ui
Pbe M5 300 Iso
All versions
Ui
Pbe M5 400
All versions
Ui
Pbe M5 400 Iso
All versions
Ui
Pbe M5 620
All versions
Ui
Pbm10
All versions
Ui
Pbm365
All versions
Ui
Pbm5
All versions
Ui
Picom2hp
All versions
Ui
Power Ap N
All versions
Ui
Rm2 Ti
All versions
Ui
Rm5 Ti
All versions

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

Source: support@hackerone.com
Vendor Advisory
Source: support@hackerone.com
Vendor Advisory
Source: support@hackerone.com
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory

Timeline

No history available yet.