VYPR

C5x

by Mimosa

CVEs (2)

  • CVE-2020-25206Jul 20, 2021
    risk 0.02cvss epss 0.05

    The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices…

  • CVE-2020-25205Jul 20, 2021
    risk 0.00cvss epss 0.01

    The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's…