CVE-2017-9132

Name of the Vulnerable Software and Affected Versions Mimosa Client Radios versions prior to 2.2.3 Mimosa Backhaul Radios versions prior to 2.2.3 Mimosa Access Points versions prior to 2.2.3

Description A hard-coded credentials issue was discovered in Mimosa devices that run Mosquitto, a lightweight message broker. This allows an attacker to connect to the broker on any device using the vendor's hard-coded credentials and view all messages being sent between devices. If an attacker connects to an Access Point, it will leak information about connected clients, including serial numbers, which can be used to remotely factory reset the clients.

Recommendations For Mimosa Client Radios versions prior to 2.2.3, update to version 2.2.3 or later. For Mimosa Backhaul Radios versions prior to 2.2.3, update to version 2.2.3 or later. For Mimosa Access Points versions prior to 2.2.3, update to version 2.2.3 or later.