Login Sign Up

CVE-2020-15835

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

This vulnerability allows attackers with a specific private key to authenticate as root on affected Mofi routers without knowing the actual root password. It affects Mofi Network MOFI4500-4GXeLTE devices running version 4.1.5-std. This provides complete administrative control over the router.

💻 Affected Systems

Products:
  • Mofi Network MOFI4500-4GXeLTE
Versions: 4.1.5-std
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the affected firmware version are vulnerable by default.

📦 What is this software?

Mofi4500 4gxelte Firmware by Mofinetwork

View all CVEs affecting Mofi4500 4gxelte Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of router with root access, enabling traffic interception, network pivoting, credential theft, and persistent backdoor installation.

🟠

Likely Case

Unauthorized administrative access leading to network configuration changes, DNS hijacking, and surveillance of network traffic.

🟢

If Mitigated

Limited impact if management interfaces are not exposed to untrusted networks and proper network segmentation is implemented.

🌐 Internet-Facing: HIGH - Management interfaces exposed to internet would allow remote root compromise.
🏢 Internal Only: MEDIUM - Internal attackers with network access could exploit if management interface is reachable.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires possession of the specific private key but is otherwise straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later versions after 4.1.5-std

Vendor Advisory: https://mofinetwork.com/index.php?main_page=page&id=14

Restart Required: Yes

Instructions:

1. Log into router admin interface. 2. Navigate to firmware update section. 3. Download latest firmware from Mofi Network. 4. Upload and apply firmware update. 5. Reboot router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to management interface

Network segmentation

all

Isolate router management interface to trusted network segment

🧯 If You Can't Patch

  • Replace affected routers with non-vulnerable models
  • Implement strict firewall rules to block all external access to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under System Information or Status page

Check Version:

Login to router web interface and navigate to System Status or equivalent page

Verify Fix Applied:

Confirm firmware version is updated to a version later than 4.1.5-std

📡 Detection & Monitoring

Log Indicators:

  • Unexpected root logins
  • Authentication attempts using non-standard methods
  • Configuration changes from unknown sources

Network Indicators:

  • Unauthorized access to router management ports (typically 80, 443, 22)
  • Suspicious traffic patterns from router

SIEM Query:

source="router" AND (event_type="authentication" AND user="root") OR (event_type="configuration_change")

📊 Metadata

CVE ID: CVE-2020-15835
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-287
Published: February 1, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-15835, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)
CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)
CVE-2026-20127 10.0

This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager al...

Same vulnerability type (CWE-287)