Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:C/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Tropos
  • 1310 Distrubution Automation Mesh Router
  • 1410 Mesh Router
  • 1410 Wireless Mesh Router
  • 3310 Indoor Mesh Router
  • 3320 Indoor Mesh Router
  • 4310 Mobile Mesh Router
  • 6310 Mesh Router
  • 6320 Mesh Router
  • Mesh Os

Configuration 1 [-]

AND
cpe:2.3:o:tropos:mesh_os:*:*:*:*:*:*:*:*
OR cpe:2.3:h:tropos:1310_distrubution_automation_mesh_router:-:*:*:*:*:*:*:*
cpe:2.3:h:tropos:1410_mesh_router:-:*:*:*:*:*:*:*
cpe:2.3:h:tropos:1410_wireless_mesh_router:-:*:*:*:*:*:*:*
cpe:2.3:h:tropos:3310_indoor_mesh_router:-:*:*:*:*:*:*:*
cpe:2.3:h:tropos:3320_indoor_mesh_router:-:*:*:*:*:*:*:*
cpe:2.3:h:tropos:4310_mobile_mesh_router:-:*:*:*:*:*:*:*
cpe:2.3:h:tropos:6310_mesh_router:-:*:*:*:*:*:*:*
cpe:2.3:h:tropos:6320_mesh_router:-:*:*:*:*:*:*:*

No data.

References
Link Providers
http://www.us-cert.gov/control_systems/pdf/ICSA-12-297-01.pdf cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2012-12-18T11:00:00Z

Updated: 2024-09-17T01:01:31.207Z

Reserved: 2012-09-12T00:00:00Z

Link: CVE-2012-4898

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-12-18T12:30:05.920

Modified: 2024-11-21T01:43:42.850

Link: CVE-2012-4898

cve-icon Redhat

No data.