CVE-2020-8171 — CRITICAL (9.8)

Q: How severe is CVE-2020-8171?

CVE-2020-8171 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-8171?

Check the references section above for vendor advisories and patch information. Affected products include: Ui Airos, Ui Ag-Hp-2G16, Ui Ag-Hp-2G20, Ui Ag-Hp-5G23, Ui Ag-Hp-5G27.

Vulnerability Description

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ui	Airos	<= 6.2.0
Ui	Ag-Hp-2G16	-
Ui	Ag-Hp-2G20	-
Ui	Ag-Hp-5G23	-
Ui	Ag-Hp-5G27	-
Ui	Airgrid M	-
Ui	Airgrid M2	-
Ui	Airgrid M5	-
Ui	Ar	-
Ui	Ar-Hp	-
Ui	Bm2-Ti	-
Ui	Bm2Hp	-
Ui	Bm5-Ti	-
Ui	Bm5Hp	-
Ui	Is-M5	-
Ui	Lbem5-23	-
Ui	Litestation M5	-
Ui	Locom2	-
Ui	Locom5	-
Ui	Locom9	-

Related Weaknesses (CWE)

CWE-78 CWE-77

References

https://community.ui.com/releases/Security-advisory-bulletin-011-011/d0d411a5-6dVendor Advisory
https://community.ui.com/releases/airMAX-M-v6-3-0/c8d5dec9-4030-4d7e-b23f-6a5b35Vendor Advisory
https://www.ui.com/download/airmax-mRelease Notes
https://community.ui.com/releases/Security-advisory-bulletin-011-011/d0d411a5-6dVendor Advisory
https://community.ui.com/releases/airMAX-M-v6-3-0/c8d5dec9-4030-4d7e-b23f-6a5b35Vendor Advisory
https://www.ui.com/download/airmax-mRelease Notes

FAQ

What is CVE-2020-8171?

CVE-2020-8171 is a vulnerability with a CVSS score of 9.8 (CRITICAL). We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the ...

How severe is CVE-2020-8171?

CVE-2020-8171 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-8171?

Check the references section above for vendor advisories and patch information. Affected products include: Ui Airos, Ui Ag-Hp-2G16, Ui Ag-Hp-2G20, Ui Ag-Hp-5G23, Ui Ag-Hp-5G27.