CVE-2017-9133

Name of the Vulnerable Software and Affected Versions Mimosa Client Radios versions prior to 2.2.3 Mimosa Backhaul Radios versions prior to 2.2.3

Description An issue was discovered in the device's web interface, where a page allows users to ping other hosts and view the results. The host variable is not sanitized server-side, allowing an attacker to pass a specially crafted string and execute shell commands as the root user.

Recommendations For Mimosa Client Radios versions prior to 2.2.3, update to version 2.2.3 or later. For Mimosa Backhaul Radios versions prior to 2.2.3, update to version 2.2.3 or later.