VYPR

Client Radios

by Mimosa

CVEs (6)

  • CVE-2017-9135 | High | May 21, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST…

  • CVE-2017-9133 | High | May 21, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which…

  • CVE-2017-9136 | High | May 21, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's…

  • CVE-2017-9134 | High | May 21, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial number, regardless of whether or not you have logged in. This information-leakage…

  • CVE-2017-9132 | High | May 21, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's…

  • CVE-2017-9131 | High | May 21, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely…