CVE-2020-36907 HIGH

CVE-2020-36907: Extreme Networks Aerohive HiveOS <=11.x 11.x Unauthenticated Remote Denial of Service

Vendor Extreme Networks
Product Aerohive HiveOS
Weakness CWE-770 · Uncontrolled resource consumption
Published January 6, 2026
Last update March 23, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption.

Key dates

02Disclosure timeline

January 6, 2026 CVE published
March 23, 2026 Record updated

Related vulnerabilities

04Related CVE