CVE-2017-9136

An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device).
References
Link Resource
http://blog.iancaling.com/post/160596244178 Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:mimosa:client_radios:*:*:*:*:*:*:*:*
cpe:2.3:o:mimosa:backhaul_radios:*:*:*:*:*:*:*:*

Information

Published : 2017-05-21 14:29

Updated : 2019-10-02 17:03


NVD link : CVE-2017-9136

Mitre link : CVE-2017-9136


JSON object : View

CWE
CWE-522

Insufficiently Protected Credentials

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

CWE-732

Incorrect Permission Assignment for Critical Resource

Advertisement

dedicated server usa

Products Affected

mimosa

  • backhaul_radios
  • client_radios