{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mesh OS", "vendor": "Tropos", "versions": [{"lessThan": "7.9.1.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "research group composed of Nadia Heninger (University of California at San Diego), Zakir Durumeric (University of Michigan), Eric Wustrow (University of Michigan), and J. Alex Halderman (University of Michigan)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.</p>"}], "value": "Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere."}], "metrics": [{"cvssV2_0": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:N", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "CWE 331", "lang": "en"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-07-09T16:22:48.905Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-297-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Tropos Networks has released customer notification and an update (Tropos\n Mesh OS 7.9.1.1) for its network device embedded software. This update \ncan be downloaded from the Tropos software download page. Download of \nthe update requires a valid user name and password. The updated firmware\n fixes the vulnerability by using sufficient entropy to generate unique \nSSH host keys.\n\n<br>"}], "value": "Tropos Networks has released customer notification and an update (Tropos\n Mesh OS 7.9.1.1) for its network device embedded software. This update \ncan be downloaded from the Tropos software download page. Download of \nthe update requires a valid user name and password. The updated firmware\n fixes the vulnerability by using sufficient entropy to generate unique \nSSH host keys."}], "source": {"advisory": "ICSA-12-297-01", "discovery": "EXTERNAL"}, "title": "Tropos Wireless Mesh Routers Insufficient Entropy", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-4898", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-297-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-297-01.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:50:18.119Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-297-01.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-4898", "datePublished": "2012-12-18T11:00:00Z", "dateReserved": "2012-09-12T00:00:00Z", "dateUpdated": "2025-07-09T16:22:48.905Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tropos:mesh_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E8693B2-5D42-46A1-9994-42E5BADCAB75", "versionEndIncluding": "7.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tropos:1310_distrubution_automation_mesh_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7852E70-8D02-482E-95FB-2E0CA77E17B4", "vulnerable": true}, {"criteria": "cpe:2.3:h:tropos:1410_mesh_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "E27A596C-9AB4-47FB-8CC1-A442AE2B166B", "vulnerable": true}, {"criteria": "cpe:2.3:h:tropos:1410_wireless_mesh_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "A03DF812-5697-4216-B34A-68F862258BB4", "vulnerable": true}, {"criteria": "cpe:2.3:h:tropos:3310_indoor_mesh_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB430981-1D88-4C92-BC7E-A6AFA1525A76", "vulnerable": true}, {"criteria": "cpe:2.3:h:tropos:3320_indoor_mesh_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B9E51A6-A559-4113-A7C6-EE3C7DF1B5EE", "vulnerable": true}, {"criteria": "cpe:2.3:h:tropos:4310_mobile_mesh_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "668A0BBA-9F67-4E63-A2CE-7A114B42E58F", "vulnerable": true}, {"criteria": "cpe:2.3:h:tropos:6310_mesh_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E564CC3-C509-428D-AEB4-8F100ECFF0B3", "vulnerable": true}, {"criteria": "cpe:2.3:h:tropos:6320_mesh_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FA11508-E41A-431A-9386-7D8A95C0D8D6", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere."}, {"lang": "es", "value": "Mesh OS antes de v7.9.1.1 en los routers Tropos inal\u00e1mbricos no utilizan una fuente suficiente de entrop\u00eda para claves SSH, lo que hace que sea m\u00e1s f\u00e1cil para atacantes man-in-the-middle falsificar un dispositivo o modificar un flujo de datos cliente-servidor mediante el aprovechamiento de conocimiento de una clave de una instalaci\u00f3n del producto en otros lugares."}], "id": "CVE-2012-4898", "lastModified": "2025-07-09T17:15:29.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-18T12:30:05.920", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-297-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-297-01.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}