MidnightBSD

Advisories for airangel

CVE-2021-40517 LOW

Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored Cross Site Scripting. XSS Payload is placed in the name column of the updates table using database access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
airangel hsmx-app-1000_firmware *
airangel hsmx-app-100_firmware *
airangel hsmx-app-20000_firmware *
airangel hsmx-app-25_firmware *
airangel hsmx-app-5000_firmware *
CVE-2021-40518 MEDIUM

Airangel HSMX Gateway devices through 5.2.04 allow CSRF.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
airangel hsmx-app-1000_firmware *
airangel hsmx-app-100_firmware *
airangel hsmx-app-20000_firmware *
airangel hsmx-app-25_firmware *
airangel hsmx-app-5000_firmware *
CVE-2021-40519 MEDIUM

Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N 3.9 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
airangel hsmx-app-1000_firmware *
airangel hsmx-app-100_firmware *
airangel hsmx-app-20000_firmware *
airangel hsmx-app-25_firmware *
airangel hsmx-app-5000_firmware *
CVE-2021-40520 MEDIUM

Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-521,

Products Affected

Vendor Product Version
airangel hsmx-app-1000_firmware *
airangel hsmx-app-100_firmware *
airangel hsmx-app-20000_firmware *
airangel hsmx-app-25_firmware *
airangel hsmx-app-5000_firmware *
CVE-2021-40521 HIGH

Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
airangel hsmx-app-1000_firmware *
airangel hsmx-app-100_firmware *
airangel hsmx-app-20000_firmware *
airangel hsmx-app-25_firmware *
airangel hsmx-app-5000_firmware *