Vulnerability Details CVE-2020-21884
UniBox SMB 2.4, UniBox Enterprise Series 2.4, and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, and /go?rid=202, through which a specially crafted HTTP request may reconfigure the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.3
Products affected by CVE-2020-21884
- cpe:2.3:h:indionetworks:unibox_u1000:-
- cpe:2.3:h:indionetworks:unibox_u2500:-
- cpe:2.3:h:indionetworks:unibox_u5000:-
- cpe:2.3:h:indionetworks:unibox_u500:-
- cpe:2.3:h:indionetworks:unibox_u50:-
- cpe:2.3:o:indionetworks:unibox_u1000_firmware:2.4
- cpe:2.3:o:indionetworks:unibox_u2500_firmware:2.4
- cpe:2.3:o:indionetworks:unibox_u5000_firmware:2.4
- cpe:2.3:o:indionetworks:unibox_u500_firmware:2.4
- cpe:2.3:o:indionetworks:unibox_u50_firmware:2.4