Skip to main content

Fibeair Ip 10 Firmware

2 CVEs product

Monthly

CVE-2015-0936 CRITICAL POC THREAT Emergency

Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.3%.

Information Disclosure Fibeair Ip 10 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
86.3%
Threat
6.0
CVE-2016-10309 CRITICAL Act Now

In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fibeair Ip 10 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.8%
EPSS 86% 6.0 CVSS 9.8
CRITICAL POC THREAT Emergency

Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.3%.

Information Disclosure Fibeair Ip 10 Firmware
NVD GitHub Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL Act Now

In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fibeair Ip 10 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy