CVE-2020-16152

CRITICAL

Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE

Title source: metasploit

Description

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows unauthenticated remote attackers (CVSS PR:N) to execute PHP code as the root user. The attack is a two-step chain: an HTTP request carrying PHP code in a field that the device writes to a log file poisons that log, and a second request abuses a local file inclusion (LFI) to traverse to the log file, so the PHP interpreter includes and runs the planted code.
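The chain above leaves two recognisable traces in any web server log: a request whose logged field (User-Agent, Referer or URI) contains a PHP open tag, followed by a request from the same source whose path carries dot-dot traversal segments. The following detection logic is an added example, not code from the page, the Metasploit module or either PoC repository; the sample log lines, IP addresses, parameter names (`page`, `c`) and log path are constructed for illustration and are not Aerohive's actual endpoints. It decodes URLs twice so double-encoded traversal (`%252e`) is also caught, and correlates the two steps per source address.

```python
"""Detect a log-poisoning -> LFI chain in web access logs (constructed example)."""
from __future__ import annotations

import re
from urllib.parse import unquote

# Constructed sample lines in combined log format. Hosts, paths and payloads are
# made up for illustration; they are not taken from the Aerohive advisory or PoCs.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Nov/2021:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [14/Nov/2021:10:00:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "<?php system($_GET['c']); ?>"
192.0.2.11 - - [14/Nov/2021:10:00:03 +0000] "GET /index.php?page=..%2F..%2F..%2Fvar%2Flog%2Fhttpd%2Faccess_log&c=id HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.12 - - [14/Nov/2021:10:00:04 +0000] "GET /static/logo.png HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.13 - - [14/Nov/2021:10:00:05 +0000] "GET /index.php?page=....//....//etc/passwd HTTP/1.1" 200 100 "-" "curl/7.68"
"""

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# PHP open tags: "<?php", the short echo tag "<?=" and the bare "<? " variant.
PHP_TAG_RE = re.compile(r"<\?(?:php\b|=|\s)", re.IGNORECASE)
# Dot-dot segment with either separator, applied to a decoded string, so
# "....//" (a filter-bypass spelling) is caught because it still contains "../".
TRAVERSAL_RE = re.compile(r"\.\.(?:/|\\)")


def decode(s: str) -> str:
    """URL-decode twice so double-encoded payloads (%252e) are normalized too."""
    return unquote(unquote(s))


def parse_line(line: str) -> dict | None:
    """Parse one combined-format log line into its fields, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(rec: dict) -> set[str]:
    """Label a single request: PHP planted in a logged field, and/or path traversal."""
    labels: set[str] = set()
    # Every attacker-controlled field that the server writes to its log can carry the payload.
    logged_fields = (rec["request"], rec["referer"], rec["ua"])
    if any(PHP_TAG_RE.search(decode(f)) for f in logged_fields):
        labels.add("php_in_logged_field")
    if TRAVERSAL_RE.search(decode(rec["request"])):
        labels.add("path_traversal")
    return labels


def analyze(log_text: str) -> dict[str, list[str]]:
    """Return {source ip: sorted labels} for every source that tripped a rule.

    'poison_then_traverse' is added when a source that has already planted PHP in a
    logged field (in this or an earlier request) issues a traversal request: the two
    steps of the log-poisoning-to-LFI chain seen from the same address.
    """
    seen: dict[str, set[str]] = {}
    poisoned: set[str] = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        labels = classify(rec)
        if "php_in_logged_field" in labels:
            poisoned.add(rec["ip"])
        if "path_traversal" in labels and rec["ip"] in poisoned:
            labels.add("poison_then_traverse")
        if labels:
            seen.setdefault(rec["ip"], set()).update(labels)
    return {ip: sorted(lbls) for ip, lbls in seen.items()}


if __name__ == "__main__":
    for ip, labels in analyze(SAMPLE_LOG).items():
        print(ip, ", ".join(labels))
```

Run against the constructed log, 192.0.2.11 is flagged with all three labels (the full chain), while 192.0.2.13 shows traversal only: a plain LFI probe without a preceding poison request. In a real deployment the correlation window would be bounded in time and the log-file target (here `/var/log/httpd/access_log`) would be compared against the paths the device actually writes to, which this example does not know.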

Exploits (3)

nomisec WORKING POC 11 stars
by Nate0634034090 · poc
https://github.com/Nate0634034090/nate158g-m-w-n-l-p-d-a-o-e
nomisec WORKING POC 11 stars
by eriknl · poc
https://github.com/eriknl/CVE-2020-16152
metasploit WORKING POC EXCELLENT
by Erik de Jong, Erik Wynter · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/aerohive_netconfig_lfi_log_poison_rce.rb

Scores

CVSS v3 9.8
EPSS 0.8490
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-829
Status published

Affected Products

extremenetworks/aerohive_netconfig <= 10.0r8a (the description and title both name 10.0r8a itself as affected, so the range is inclusive)

Timeline

Published Nov 14, 2021
Tracked Since Feb 18, 2026