24 matches found
EUVD-2017-18069
Malware in sbrugna...
EUVD-2017-18074
Malware in sbrugna...
EUVD-2017-18072
Malware in sbrugna...
Unspecified Vulnerability in Mimosa Client Radios and Mimosa Backhaul Radios (CNVD-2017-08182)
Mimosa Client Radios and Mimosa Backhaul Radios are both products of Mimosa Networks, Inc.Mimosa Client Radios is a hypervisor for the client devices of the Mimosa multipoint solution.Mimosa Backhaul Radios is Mimosa Backhaul Radios is a management program for broadband backhaul devices. A securi...
Mimosa Client Radios and Mimosa Backhaul Radios Denial of Service Vulnerabilities
Mimosa Client Radios and Mimosa Backhaul Radios are both products of Mimosa Networks, Inc.Mimosa Client Radios is a hypervisor for the client devices of the Mimosa multipoint solution.Mimosa Backhaul Radios is Mimosa Backhaul Radios is a management program for broadband backhaul devices. A denial...
Unspecified Vulnerability in Multiple Mimosa Products
Mimosa Client Radios, Mimosa Backhaul Radios, and Mimosa Access Points are all products of Mimosa Networks, Inc.Mimosa Client Radios is a hypervisor for the client devices of the Mimosa Multi-Point solution. Mimosa Backhaul Radios is a hypervisor for broadband backhaul devices.Mimosa Access Point...
Mimosa Client Radios Information Disclosure Vulnerability
Mimosa Client Radios is a management program for client devices of the Mimosa multipoint solution from Mimosa Networks, Inc. A security vulnerability exists in Mimosa Client Radios versions prior to 2.2.3. The vulnerability can be exploited by an attacker to download arbitrary files from the devi...
Unspecified Vulnerabilities in Mimosa Client Radios and Mimosa Backhaul Radios
Mimosa Client Radios and Mimosa Backhaul Radios are both products of Mimosa Networks, Inc.Mimosa Client Radios is a hypervisor for the client devices of the Mimosa multipoint solution.Mimosa Backhaul Radios is Mimosa Backhaul Radios is a management program for broadband backhaul devices. A securi...
Code injection
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but...
CVE-2017-9136
An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be...
Command injection
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the...
Design/Logic Flaw
An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be...
CVE-2017-9136
An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be...
CVE-2017-9132
A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded...
CVE-2017-9134
An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial number, regardless of whether or not you have logged in. This information-leakage issue is relevant...
CVE-2017-9131
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the...
CVE-2017-9134
The CVE-2017-9134 issue affects Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. A web UI page exposes the device serial number without requiring authentication, and another unauthenticated page allows remotely performing a factory reset by entering that serial number. T...
CVE-2017-9131
The CVE-2017-9131 issue affects Mimosa Client Radios and Backhaul Radios running versions before 2.2.3. An attacker can leverage the Mosquitto broker on an access point and a client to craft a command that reboots the client remotely via the broker, described as an unauthenticated remote command ...
CVE-2017-9131
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the...
CVE-2017-9136
Mimosa Client Radios before 2.2.3 are affected. A vulnerability in the device web interface allows an attacker to exploit an unsanitized GET parameter to download arbitrary files from the device as root, enabling viewing of administrator passwords (MD5-hashed, unsalted), plaintext PSK, and the de...