Mimosa
Products
6- 6 CVEs
- 6 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9135 | Hig | 0.57 | 8.8 | 0.01 | May 21, 2017 | An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST… | ||
| CVE-2017-9133 | Hig | 0.57 | 8.8 | 0.01 | May 21, 2017 | An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which… | ||
| CVE-2017-9136 | Hig | 0.49 | 7.5 | 0.01 | May 21, 2017 | An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's… | ||
| CVE-2017-9134 | Hig | 0.49 | 7.5 | 0.01 | May 21, 2017 | An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial number, regardless of whether or not you have logged in. This information-leakage… | ||
| CVE-2017-9132 | Hig | 0.49 | 7.5 | 0.01 | May 21, 2017 | A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's… | ||
| CVE-2017-9131 | Hig | 0.49 | 7.5 | 0.03 | May 21, 2017 | An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely… | ||
| CVE-2020-25206 | 0.02 | — | 0.05 | Jul 20, 2021 | The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices… | |||
| CVE-2022-21196 | 0.00 | — | 0.04 | Feb 18, 2022 | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API… | |||
| CVE-2022-21215 | 0.00 | — | 0.01 | Feb 18, 2022 | This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server… | |||
| CVE-2020-25205 | 0.00 | — | 0.01 | Jul 20, 2021 | The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's… |
- risk 0.57cvss 8.8epss 0.01
An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST…
- risk 0.57cvss 8.8epss 0.01
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's…
- risk 0.49cvss 7.5epss 0.01
An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial number, regardless of whether or not you have logged in. This information-leakage…
- risk 0.49cvss 7.5epss 0.01
A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's…
- risk 0.49cvss 7.5epss 0.03
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely…
- CVE-2020-25206Jul 20, 2021risk 0.02cvss —epss 0.05
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices…
- CVE-2022-21196Feb 18, 2022risk 0.00cvss —epss 0.04
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API…
- CVE-2022-21215Feb 18, 2022risk 0.00cvss —epss 0.01
This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server…
- CVE-2020-25205Jul 20, 2021risk 0.00cvss —epss 0.01
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's…