Critical Flaws Expose Mimosa Wireless Broadband Devices to Remote Attacks

A researcher has discovered several critical vulnerabilities in wireless broadband products made by Mimosa Networks. The flaws can expose affected devices to remote attacks.

Mimosa, a division of Airspan, provides wireless broadband solutions that can be used to connect dense urban homes, as well as hard-to-reach rural homes.

According to an advisory published last week by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Mimosa’s management platform (MMP), as well as its point-to-point (PTP) and point-to-multipoint (PTMP) products are affected by seven types of vulnerabilities.

Four of the security holes have been assigned a severity rating of “critical,” including issues that can be exploited for remote code execution, obtaining sensitive information, and causing a denial-of-service (DoS) condition. Two of the remaining flaws, which can be exploited for arbitrary code execution and obtaining sensitive information, have been rated “high severity.”

Mimosa has released updates that should patch these vulnerabilities.

SecurityWeek has reached out to Noam Moshe, vulnerability researcher at industrial and IoT security firm Claroty, who has been credited for finding the flaws.

Moshe says the vulnerabilities can be exploited remotely from the internet — the attacker only needs to be able to access the cloud-based management web interface. The security holes expose all cloud-connected devices to attacks.

“Before the vulnerabilities were patched, to exploit these vulnerabilities an attacker would have needed to send specially crafted requests to the cloud servers in order to gain full access,” the researcher explained.

He added, “By exploiting these vulnerabilities, a remote attacker could exfiltrate sensitive data from all cloud-connected devices, including the device's real-life locations, shared secrets and internal data of the company that owns the device. Furthermore, attackers could even achieve remote code execution on field internet-supplying devices, gaining full control of the devices and full access to any information being kept on them.”

According to CISA, the vulnerabilities have been patched by Mimosa with the release of version 1.0.4 of MMP and version 2.90 for the impacted PTP and PTMP products.

Related: FragAttacks: New Vulnerabilities Expose All Devices With Wi-Fi to Attacks

Related: Vulnerabilities in Realtek Wi-Fi Module Expose Many Devices to Remote Attacks