CVE-2017-9134

{"id": "CVE-2017-9134", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-05-21T21:29:00.283", "references": [{"url": "http://blog.iancaling.com/post/160596244178", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial number, regardless of whether or not you have logged in. This information-leakage issue is relevant because there is another page (accessible without any authentication) that allows you to remotely factory reset the device simply by entering the serial number."}, {"lang": "es", "value": "Se detect\u00f3 un problema de filtrado de informaci\u00f3n en Mimosa Client Radios anterior a versi\u00f3n 2.2.3 y Mimosa Backhaul Radios anterior a versi\u00f3n 2.2.3. Existe una p\u00e1gina en la interfaz web que le mostrar\u00e1 el n\u00famero de serial del dispositivo, independientemente de si ha iniciado sesi\u00f3n o no. Este problema de filtrado de informaci\u00f3n es relevante porque hay otra p\u00e1gina (accesible sin ninguna autenticaci\u00f3n) que le permite restablecer remotamente el dispositivo de f\u00e1brica simplemente mediante el ingreso del n\u00famero de serie."}], "lastModified": "2017-05-26T13:14:53.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mimosa:backhaul_radios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F469E35D-A0BC-4E8D-8CD6-F5BF223F7823", "versionEndIncluding": "2.2.1"}, {"criteria": "cpe:2.3:o:mimosa:client_radios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30E63E47-17AF-470D-8C30-19FAE29B1828", "versionEndIncluding": "2.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}