Vulnerability Description
An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial number, regardless of whether or not you have logged in. This information-leakage issue is relevant because there is another page (accessible without any authentication) that allows you to remotely factory reset the device simply by entering the serial number.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mimosa | Backhaul Radios | <= 2.2.1 |
| Mimosa | Client Radios | <= 2.2.1 |
Related Weaknesses (CWE)
References
- http://blog.iancaling.com/post/160596244178Third Party Advisory
- http://blog.iancaling.com/post/160596244178Third Party Advisory
FAQ
What is CVE-2017-9134?
CVE-2017-9134 is a vulnerability with a CVSS score of 7.5 (HIGH). An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial nu...
How severe is CVE-2017-9134?
CVE-2017-9134 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9134?
Check the references section above for vendor advisories and patch information. Affected products include: Mimosa Backhaul Radios, Mimosa Client Radios.