24 matches found
EUVD-2017-18072
Malware in sbrugna...
EUVD-2017-18069
Malware in sbrugna...
EUVD-2017-18074
Malware in sbrugna...
Unspecified Vulnerability in Mimosa Client Radios and Mimosa Backhaul Radios (CNVD-2017-08182)
Mimosa Client Radios and Mimosa Backhaul Radios are both products of Mimosa Networks, Inc.Mimosa Client Radios is a hypervisor for the client devices of the Mimosa multipoint solution.Mimosa Backhaul Radios is Mimosa Backhaul Radios is a management program for broadband backhaul devices. A securi...
Unspecified Vulnerabilities in Mimosa Client Radios and Mimosa Backhaul Radios
Mimosa Client Radios and Mimosa Backhaul Radios are both products of Mimosa Networks, Inc.Mimosa Client Radios is a hypervisor for the client devices of the Mimosa multipoint solution.Mimosa Backhaul Radios is Mimosa Backhaul Radios is a management program for broadband backhaul devices. A securi...
Unspecified Vulnerability in Multiple Mimosa Products
Mimosa Client Radios, Mimosa Backhaul Radios, and Mimosa Access Points are all products of Mimosa Networks, Inc.Mimosa Client Radios is a hypervisor for the client devices of the Mimosa Multi-Point solution. Mimosa Backhaul Radios is a hypervisor for broadband backhaul devices.Mimosa Access Point...
Mimosa Client Radios Information Disclosure Vulnerability
Mimosa Client Radios is a management program for client devices of the Mimosa multipoint solution from Mimosa Networks, Inc. A security vulnerability exists in Mimosa Client Radios versions prior to 2.2.3. The vulnerability can be exploited by an attacker to download arbitrary files from the devi...
Mimosa Client Radios and Mimosa Backhaul Radios Denial of Service Vulnerabilities
Mimosa Client Radios and Mimosa Backhaul Radios are both products of Mimosa Networks, Inc.Mimosa Client Radios is a hypervisor for the client devices of the Mimosa multipoint solution.Mimosa Backhaul Radios is Mimosa Backhaul Radios is a management program for broadband backhaul devices. A denial...
CVE-2017-9131
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the...
Command injection
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the...
CVE-2017-9132
A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded...
CVE-2017-9136
An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be...
CVE-2017-9136
An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be...
CVE-2017-9134
An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial number, regardless of whether or not you have logged in. This information-leakage issue is relevant...
Code injection
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but...
Design/Logic Flaw
An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be...
CVE-2017-9132
CVE-2017-9132 describes a hard-coded credentials flaw affecting Mimosa Client Radios, Mimosa Backhaul Radios, and Mimosa Access Points released before 2.2.3. The devices run Mosquitto to exchange data; exploitation enables an attacker to connect to the broker using embedded credentials and view m...
CVE-2017-9133
The CVE affects Mimosa Client Radios (pre-2.2.3) and Mimosa Backhaul Radios (pre-2.2.3). In the device web interface, after login, a page lets the user specify a host to ping; this input is not sanitized server-side, enabling an attacker to pass a crafted string that executes shell commands as ro...
CVE-2017-9135
The CVE-2017-9135 entry concerns Mimosa Client Radios and Mimosa Backhaul Radios prior to version 2.2.4. The issue lies in a backend web‑interface diagnostic feature that is not shown on the web UI but accessible via a crafted POST request (e.g., curl). One such test does not properly sanitize us...
CVE-2017-9131
The CVE-2017-9131 issue affects Mimosa Client Radios and Backhaul Radios running versions before 2.2.3. An attacker can leverage the Mosquitto broker on an access point and a client to craft a command that reboots the client remotely via the broker, described as an unauthenticated remote command ...