PT-2017-18716 · Mimosa · Mimosa Backhaul Radios, Mimosa Client Radios

Published: 2017-05-21 · Updated: 2017-05-26 · CVE-2017-9134

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mimosa Client Radios versions prior to 2.2.3
Mimosa Backhaul Radios versions prior to 2.2.3

Description

An information-leakage issue allows unauthorized access to a device's serial number through a page in the web interface, without requiring login credentials. This issue is significant because another page, accessible without authentication, permits remote factory reset of the device by simply entering the serial number.

Recommendations

For Mimosa Client Radios versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue.
For Mimosa Backhaul Radios versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue.
As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2017-9134

Affected Products

Mimosa Backhaul Radios
Mimosa Client Radios