NVD

Id
86223  
Name
CVE-2017-9132  
Description
A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded credentials to connect to the broker on any device (whether it be an AP, Client, or Backhaul model), an attacker can view all the messages being sent between the devices. If an attacker connects to an AP, the AP will leak information about any clients connected to it, including the serial numbers, which can be used to remotely factory reset the clients via a page in their web interface.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-05-27  
Published
2017-05-21  
Modified Date
2017-05-26  
Seq
2017-9132  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
421581 86223 CVE-2017-3162 98017  View
421582 86223 CVE-2017-3162 98017  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
67900 JVNDB-2017-004182 Mimosa Client および Backhaul におけるハードコードされた認証情報の使用に関する脆弱性 Mimosa Client および Backhaul には、ハードコードされた認証情報の使用に関する脆弱性が存在します。 CVE-2017-9132 0 CVE-2017-9132 86223 5 7.5 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-004182.html 2017-05-12 2017-06-19 View