Search
Find a vulnerability
Search criteria
3 vulnerabilities found for Mesh OS by Tropos
VAR-201212-0196
Vulnerability from variot - Updated: 2025-07-10 23:04Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. The Mesh network is the \"wireless mesh network\", which is a wireless multi-hop network. Mesh OS is a routing system. The Tropos wireless network router product uses insufficient entropy when generating the SSH connection key. Mesh OS is prone to an insufficient-entropy vulnerability when generating keys for SSH. This aids in other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201212-0196",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "1410 wireless mesh router",
"scope": "eq",
"trust": 1.0,
"vendor": "tropos",
"version": null
},
{
"model": "3320 indoor mesh router",
"scope": "eq",
"trust": 1.0,
"vendor": "tropos",
"version": null
},
{
"model": "1410 mesh router",
"scope": "eq",
"trust": 1.0,
"vendor": "tropos",
"version": null
},
{
"model": "mesh os",
"scope": "lte",
"trust": 1.0,
"vendor": "tropos",
"version": "7.9.1"
},
{
"model": "6310 mesh router",
"scope": "eq",
"trust": 1.0,
"vendor": "tropos",
"version": null
},
{
"model": "3310 indoor mesh router",
"scope": "eq",
"trust": 1.0,
"vendor": "tropos",
"version": null
},
{
"model": "1310 distrubution automation mesh router",
"scope": "eq",
"trust": 1.0,
"vendor": "tropos",
"version": null
},
{
"model": "4310 mobile mesh router",
"scope": "eq",
"trust": 1.0,
"vendor": "tropos",
"version": null
},
{
"model": "6320 mesh router",
"scope": "eq",
"trust": 1.0,
"vendor": "tropos",
"version": null
},
{
"model": "1310 distribution automation mesh router",
"scope": null,
"trust": 0.8,
"vendor": "tropos",
"version": null
},
{
"model": "1410 mesh router",
"scope": null,
"trust": 0.8,
"vendor": "tropos",
"version": null
},
{
"model": "1410 wireless mesh router",
"scope": null,
"trust": 0.8,
"vendor": "tropos",
"version": null
},
{
"model": "3310 indoor mesh router",
"scope": null,
"trust": 0.8,
"vendor": "tropos",
"version": null
},
{
"model": "3320 indoor mesh router",
"scope": null,
"trust": 0.8,
"vendor": "tropos",
"version": null
},
{
"model": "4310 mobile mesh router",
"scope": null,
"trust": 0.8,
"vendor": "tropos",
"version": null
},
{
"model": "6310 mesh router",
"scope": null,
"trust": 0.8,
"vendor": "tropos",
"version": null
},
{
"model": "6320 mesh router",
"scope": null,
"trust": 0.8,
"vendor": "tropos",
"version": null
},
{
"model": "mesh os",
"scope": "lt",
"trust": 0.8,
"vendor": "tropos",
"version": "7.9.1.1"
},
{
"model": "mesh os",
"scope": "lt",
"trust": 0.6,
"vendor": "tropos",
"version": "7.9.11"
},
{
"model": "mesh os",
"scope": "eq",
"trust": 0.6,
"vendor": "tropos",
"version": "7.9.1"
},
{
"model": "wireless mesh routers",
"scope": "eq",
"trust": 0.3,
"vendor": "tropos",
"version": "0"
},
{
"model": "mesh os",
"scope": "eq",
"trust": 0.3,
"vendor": "tropos",
"version": "7.9"
},
{
"model": "mesh os",
"scope": "ne",
"trust": 0.3,
"vendor": "tropos",
"version": "7.9.1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7431"
},
{
"db": "BID",
"id": "56890"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005761"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-167"
},
{
"db": "NVD",
"id": "CVE-2012-4898"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:tropos:1310_distrubution_automation_mesh_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:tropos:1410_mesh_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:tropos:1410_wireless_mesh_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:tropos:3310_indoor_mesh_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:tropos:3320_indoor_mesh_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:tropos:4310_mobile_mesh_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:tropos:6310_mesh_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:tropos:6320_mesh_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tropos:mesh_os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005761"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman",
"sources": [
{
"db": "BID",
"id": "56890"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-167"
}
],
"trust": 0.9
},
"cve": "CVE-2012-4898",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2012-4898",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 2.8,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-58179",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2012-4898",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2012-4898",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-4898",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201212-167",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-58179",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58179"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005761"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-167"
},
{
"db": "NVD",
"id": "CVE-2012-4898"
},
{
"db": "NVD",
"id": "CVE-2012-4898"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. The Mesh network is the \\\"wireless mesh network\\\", which is a wireless multi-hop network. Mesh OS is a routing system. The Tropos wireless network router product uses insufficient entropy when generating the SSH connection key. Mesh OS is prone to an insufficient-entropy vulnerability when generating keys for SSH. This aids in other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4898"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005761"
},
{
"db": "CNVD",
"id": "CNVD-2012-7431"
},
{
"db": "BID",
"id": "56890"
},
{
"db": "VULHUB",
"id": "VHN-58179"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4898",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-12-297-01",
"trust": 3.4
},
{
"db": "BID",
"id": "56890",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005761",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201212-167",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2012-7431",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-58179",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7431"
},
{
"db": "VULHUB",
"id": "VHN-58179"
},
{
"db": "BID",
"id": "56890"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005761"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-167"
},
{
"db": "NVD",
"id": "CVE-2012-4898"
}
]
},
"id": "VAR-201212-0196",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7431"
},
{
"db": "VULHUB",
"id": "VHN-58179"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7431"
}
]
},
"last_update_date": "2025-07-10T23:04:36.246000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://gridcom.tropos.com/landing_index.php"
},
{
"title": "Mesh OS patch with insufficient entropy vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/26486"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7431"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005761"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58179"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005761"
},
{
"db": "NVD",
"id": "CVE-2012-4898"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-297-01.pdf"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-297-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4898"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4898"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/56890"
},
{
"trust": 0.3,
"url": "http://www.tropos.com/products/performance_mesh.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7431"
},
{
"db": "VULHUB",
"id": "VHN-58179"
},
{
"db": "BID",
"id": "56890"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005761"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-167"
},
{
"db": "NVD",
"id": "CVE-2012-4898"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-7431"
},
{
"db": "VULHUB",
"id": "VHN-58179"
},
{
"db": "BID",
"id": "56890"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005761"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-167"
},
{
"db": "NVD",
"id": "CVE-2012-4898"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7431"
},
{
"date": "2012-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-58179"
},
{
"date": "2012-12-10T00:00:00",
"db": "BID",
"id": "56890"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005761"
},
{
"date": "2012-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-167"
},
{
"date": "2012-12-18T12:30:05.920000",
"db": "NVD",
"id": "CVE-2012-4898"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7431"
},
{
"date": "2013-01-29T00:00:00",
"db": "VULHUB",
"id": "VHN-58179"
},
{
"date": "2015-03-19T08:23:00",
"db": "BID",
"id": "56890"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005761"
},
{
"date": "2012-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-167"
},
{
"date": "2025-07-09T17:15:29.767000",
"db": "NVD",
"id": "CVE-2012-4898"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201212-167"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tropos wireless mesh router of Mesh OS Vulnerabilities impersonating devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005761"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201212-167"
}
],
"trust": 0.6
}
}
CVE-2012-4898 (GCVE-0-2012-4898)
Vulnerability from nvd – Published: 2012-12-18 11:00 – Updated: 2025-07-09 16:22
VLAI
Title
Tropos Wireless Mesh Routers Insufficient Entropy
Summary
Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.
Severity
No CVSS data available.
CWE
- CWE 331
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-1… | x_refsource_MISCx_transferred |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-297-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mesh OS",
"vendor": "Tropos",
"versions": [
{
"lessThan": "7.9.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "research group composed of Nadia Heninger (University of California at San Diego), Zakir Durumeric (University of Michigan), Eric Wustrow (University of Michigan), and J. Alex Halderman (University of Michigan)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.\u003c/p\u003e"
}
],
"value": "Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 331",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T16:22:48.905Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-297-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Tropos Networks has released customer notification and an update (Tropos\n Mesh OS 7.9.1.1) for its network device embedded software. This update \ncan be downloaded from the Tropos software download page. Download of \nthe update requires a valid user name and password. The updated firmware\n fixes the vulnerability by using sufficient entropy to generate unique \nSSH host keys.\n\n\u003cbr\u003e"
}
],
"value": "Tropos Networks has released customer notification and an update (Tropos\n Mesh OS 7.9.1.1) for its network device embedded software. This update \ncan be downloaded from the Tropos software download page. Download of \nthe update requires a valid user name and password. The updated firmware\n fixes the vulnerability by using sufficient entropy to generate unique \nSSH host keys."
}
],
"source": {
"advisory": "ICSA-12-297-01",
"discovery": "EXTERNAL"
},
"title": "Tropos Wireless Mesh Routers Insufficient Entropy",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-297-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-297-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-4898",
"datePublished": "2012-12-18T11:00:00.000Z",
"dateReserved": "2012-09-12T00:00:00.000Z",
"dateUpdated": "2025-07-09T16:22:48.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4898 (GCVE-0-2012-4898)
Vulnerability from cvelistv5 – Published: 2012-12-18 11:00 – Updated: 2025-07-09 16:22
VLAI
Title
Tropos Wireless Mesh Routers Insufficient Entropy
Summary
Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.
Severity
No CVSS data available.
CWE
- CWE 331
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-1… | x_refsource_MISCx_transferred |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-297-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mesh OS",
"vendor": "Tropos",
"versions": [
{
"lessThan": "7.9.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "research group composed of Nadia Heninger (University of California at San Diego), Zakir Durumeric (University of Michigan), Eric Wustrow (University of Michigan), and J. Alex Halderman (University of Michigan)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.\u003c/p\u003e"
}
],
"value": "Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 331",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T16:22:48.905Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-297-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Tropos Networks has released customer notification and an update (Tropos\n Mesh OS 7.9.1.1) for its network device embedded software. This update \ncan be downloaded from the Tropos software download page. Download of \nthe update requires a valid user name and password. The updated firmware\n fixes the vulnerability by using sufficient entropy to generate unique \nSSH host keys.\n\n\u003cbr\u003e"
}
],
"value": "Tropos Networks has released customer notification and an update (Tropos\n Mesh OS 7.9.1.1) for its network device embedded software. This update \ncan be downloaded from the Tropos software download page. Download of \nthe update requires a valid user name and password. The updated firmware\n fixes the vulnerability by using sufficient entropy to generate unique \nSSH host keys."
}
],
"source": {
"advisory": "ICSA-12-297-01",
"discovery": "EXTERNAL"
},
"title": "Tropos Wireless Mesh Routers Insufficient Entropy",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-297-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-297-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-4898",
"datePublished": "2012-12-18T11:00:00.000Z",
"dateReserved": "2012-09-12T00:00:00.000Z",
"dateUpdated": "2025-07-09T16:22:48.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}