{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-05-21T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but this variable is not sanitized server-side, which allows an attacker to pass a specially crafted string to execute shell commands as the root user."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-05-21T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://blog.iancaling.com/post/160596244178"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9133", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but this variable is not sanitized server-side, which allows an attacker to pass a specially crafted string to execute shell commands as the root user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://blog.iancaling.com/post/160596244178", "refsource": "MISC", "url": "http://blog.iancaling.com/post/160596244178"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:55:22.367Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.iancaling.com/post/160596244178"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9133", "datePublished": "2017-05-21T21:00:00", "dateReserved": "2017-05-21T00:00:00", "dateUpdated": "2024-08-05T16:55:22.367Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mimosa:backhaul_radios:*:*:*:*:*:*:*:*", "matchCriteriaId": "F469E35D-A0BC-4E8D-8CD6-F5BF223F7823", "versionEndIncluding": "2.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:mimosa:client_radios:*:*:*:*:*:*:*:*", "matchCriteriaId": "30E63E47-17AF-470D-8C30-19FAE29B1828", "versionEndIncluding": "2.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but this variable is not sanitized server-side, which allows an attacker to pass a specially crafted string to execute shell commands as the root user."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Mimosa Client Radios anterior a versi\u00f3n 2.2.3 y Mimosa Backhaul Radios anterior a versi\u00f3n 2.2.3. En la interfaz web del dispositivo, despu\u00e9s de iniciar sesi\u00f3n, existe una p\u00e1gina que permite hacer ping a otros hosts desde el dispositivo y visualizar los resultados. El usuario puede especificar a qu\u00e9 host hacer ping, pero esta variable no est\u00e1 saneada del lado del servidor, lo que permite a un atacante pasar una cadena especialmente dise\u00f1ada para ejecutar comandos de shell como usuario root."}], "id": "CVE-2017-9133", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-21T21:29:00.253", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://blog.iancaling.com/post/160596244178"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://blog.iancaling.com/post/160596244178"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}