Lucene search
K
MimosaClient Radios

6 matches found

CVE
CVE
added 2017/05/21 9:0 p.m.57 views

CVE-2017-9136

Mimosa Client Radios before 2.2.3 are affected. A vulnerability in the device web interface allows an attacker to exploit an unsanitized GET parameter to download arbitrary files from the device as root, enabling viewing of administrator passwords (MD5-hashed, unsalted), plaintext PSK, and the de...

7.8CVSS7.4AI score0.00819EPSS
CVE
CVE
added 2017/05/21 9:0 p.m.48 views

CVE-2017-9131

The CVE-2017-9131 issue affects Mimosa Client Radios and Backhaul Radios running versions before 2.2.3. An attacker can leverage the Mosquitto broker on an access point and a client to craft a command that reboots the client remotely via the broker, described as an unauthenticated remote command ...

7.5CVSS7.5AI score0.02577EPSS
CVE
CVE
added 2017/05/21 9:0 p.m.47 views

CVE-2017-9134

The CVE-2017-9134 issue affects Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. A web UI page exposes the device serial number without requiring authentication, and another unauthenticated page allows remotely performing a factory reset by entering that serial number. T...

7.5CVSS7.3AI score0.01191EPSS
CVE
CVE
added 2017/05/21 9:0 p.m.46 views

CVE-2017-9132

CVE-2017-9132 describes a hard-coded credentials flaw affecting Mimosa Client Radios, Mimosa Backhaul Radios, and Mimosa Access Points released before 2.2.3. The devices run Mosquitto to exchange data; exploitation enables an attacker to connect to the broker using embedded credentials and view m...

7.5CVSS7.3AI score0.01118EPSS
CVE
CVE
added 2017/05/21 9:0 p.m.46 views

CVE-2017-9133

The CVE affects Mimosa Client Radios (pre-2.2.3) and Mimosa Backhaul Radios (pre-2.2.3). In the device web interface, after login, a page lets the user specify a host to ping; this input is not sanitized server-side, enabling an attacker to pass a crafted string that executes shell commands as ro...

9CVSS8.8AI score0.01336EPSS
CVE
CVE
added 2017/05/21 9:0 p.m.40 views

CVE-2017-9135

The CVE-2017-9135 entry concerns Mimosa Client Radios and Mimosa Backhaul Radios prior to version 2.2.4. The issue lies in a backend web‑interface diagnostic feature that is not shown on the web UI but accessible via a crafted POST request (e.g., curl). One such test does not properly sanitize us...

9CVSS8.8AI score0.01336EPSS