Mimosa Client Radios/Backhaul Radios up to 2.2.2 Mosquitto hard-coded credentials
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.1 | $0-$5k | 0.00 |
A vulnerability, which was classified as critical, has been found in Mimosa Client Radios and Backhaul Radios up to 2.2.2. Affected by this issue is an unknown code block of the component Mosquitto. The manipulation with an unknown input leads to a hard-coded credentials vulnerability. Using CWE to declare the problem leads to CWE-798. The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. Impacted is confidentiality, integrity, and availability. CVE summarizes:
A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded credentials to connect to the broker on any device (whether it be an AP, Client, or Backhaul model), an attacker can view all the messages being sent between the devices. If an attacker connects to an AP, the AP will leak information about any clients connected to it, including the serial numbers, which can be used to remotely factory reset the clients via a page in their web interface.
The bug was discovered 05/12/2017. The weakness was published 05/21/2017 (Website). The advisory is shared for download at blog.iancaling.com. This vulnerability is handled as CVE-2017-9132 since 05/21/2017. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1110.001.
The vulnerability was handled as a non-public zero-day exploit for at least 9 days. During that time the estimated underground price was around $0-$5k.
Upgrading to version 2.2.3 eliminates this vulnerability.
Similar entries are available at 101539, 101541, 101542 and 101543.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.4VulDB Meta Temp Score: 7.2
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Hard-coded credentialsCWE: CWE-798 / CWE-259 / CWE-255
ATT&CK: T1110.001
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Client Radios/Backhaul Radios 2.2.3
Timeline
05/12/2017 🔍05/21/2017 🔍
05/21/2017 🔍
05/21/2017 🔍
05/22/2017 🔍
09/30/2020 🔍
Sources
Advisory: blog.iancaling.comStatus: Not defined
CVE: CVE-2017-9132 (🔍)
OSVDB: - CVE-2017-9132 - Mimosa - Backhaul Radios - Medium
See also: 🔍
Entry
Created: 05/22/2017 08:47Updated: 09/30/2020 20:45
Changes: 05/22/2017 08:47 (60), 09/30/2020 20:45 (2)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.