LiveActive security incident?Get immediate response
CVE Record

CVE-2020-21884: Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request f...

Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This flaw lets a malicious web request change settings on affected UniBox 2.4 systems if an administrator’s browser is in the right state. That can create business risk because network, user, BYOD, DHCP, or routing-related functions may be altered without clear intent.

Executive priority

Treat this as a targeted operational-risk item, especially for organizations relying on UniBox 2.4 for network administration. Prioritize inventory, management-interface restriction, and vendor guidance review. Escalate if devices are externally reachable or if unexpected configuration changes appear.

Technical view

CVE-2020-21884 is a cross-site request forgery issue in Unibox SMB 2.4, UniBox Enterprise Series 2.4, and UniBox Campus Series 2.4. Reported affected paths include /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, and /go?rid=202. A crafted HTTP request may reconfigure the device.

Likely exposure

Exposure is most likely where UniBox 2.4 web administration is used and administrators can browse untrusted content while authenticated. Internet-accessible management interfaces increase concern. The sources do not identify other affected versions, CPEs, CVSS score, or a vendor patch.

Exploitation context

The CVE is not listed as CISA KEV in the provided data, and the cited sources do not claim active exploitation. CSRF typically depends on an authenticated administrator’s browser being induced to send an unintended request, rather than direct unauthenticated device access.

Researcher notes

Public data is sparse: no CVSS, CWE, official affected CPEs, patch reference, or active-exploitation claim appears in the provided bundle. The Full Disclosure mirror and KSA advisory are the main technical references. Avoid assuming impact beyond device reconfiguration through the named endpoints.

Mitigation direction

  • Check vendor or maintainer guidance for fixed versions or configuration advisories.
  • Restrict UniBox management access to trusted administrative networks or VPN.
  • Educate administrators to avoid untrusted links while logged into UniBox.
  • Monitor configuration changes on affected devices for unexpected modifications.
  • Review administrative web functions for CSRF defenses before continued use.

Validation and detection

  • Inventory UniBox SMB, Enterprise Series, and Campus Series deployments.
  • Confirm whether any systems run version 2.4.
  • Identify whether the listed web paths are reachable by administrators.
  • Review access logs for unexpected requests to the listed paths.
  • Check change records for unexplained network, user, BYOD, DHCP, or routing changes.
Prepared
Confidence
medium
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2020-21884 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
1ADP providers
4Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.