Sign-up

ID

VAR-201212-0196


CVE

CVE-2012-4898


TITLE

Tropos wireless mesh router of Mesh OS Vulnerabilities impersonating devices

Trust: 0.8

sources: JVNDB: JVNDB-2012-005761

DESCRIPTION

Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. The Mesh network is the \"wireless mesh network\", which is a wireless multi-hop network. Mesh OS is a routing system. The Tropos wireless network router product uses insufficient entropy when generating the SSH connection key. Mesh OS is prone to an insufficient-entropy vulnerability when generating keys for SSH. This aids in other attacks

Trust: 2.52

sources: NVD: CVE-2012-4898 // JVNDB: JVNDB-2012-005761 // CNVD: CNVD-2012-7431 // BID: 56890 // VULHUB: VHN-58179

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-7431

AFFECTED PRODUCTS

vendor:troposmodel:1410 wireless mesh routerscope:eqversion: -

Trust: 1.0

vendor:troposmodel:3320 indoor mesh routerscope:eqversion: -

Trust: 1.0

vendor:troposmodel:1410 mesh routerscope:eqversion: -

Trust: 1.0

vendor:troposmodel:mesh osscope:lteversion:7.9.1

Trust: 1.0

vendor:troposmodel:6310 mesh routerscope:eqversion: -

Trust: 1.0

vendor:troposmodel:3310 indoor mesh routerscope:eqversion: -

Trust: 1.0

vendor:troposmodel:1310 distrubution automation mesh routerscope:eqversion: -

Trust: 1.0

vendor:troposmodel:4310 mobile mesh routerscope:eqversion: -

Trust: 1.0

vendor:troposmodel:6320 mesh routerscope:eqversion: -

Trust: 1.0

vendor:troposmodel:1310 distribution automation mesh routerscope: - version: -

Trust: 0.8

vendor:troposmodel:1410 mesh routerscope: - version: -

Trust: 0.8

vendor:troposmodel:1410 wireless mesh routerscope: - version: -

Trust: 0.8

vendor:troposmodel:3310 indoor mesh routerscope: - version: -

Trust: 0.8

vendor:troposmodel:3320 indoor mesh routerscope: - version: -

Trust: 0.8

vendor:troposmodel:4310 mobile mesh routerscope: - version: -

Trust: 0.8

vendor:troposmodel:6310 mesh routerscope: - version: -

Trust: 0.8

vendor:troposmodel:6320 mesh routerscope: - version: -

Trust: 0.8

vendor:troposmodel:mesh osscope:ltversion:7.9.1.1

Trust: 0.8

vendor:troposmodel:mesh osscope:ltversion:7.9.11

Trust: 0.6

vendor:troposmodel:mesh osscope:eqversion:7.9.1

Trust: 0.6

vendor:troposmodel:wireless mesh routersscope:eqversion:0

Trust: 0.3

vendor:troposmodel:mesh osscope:eqversion:7.9

Trust: 0.3

vendor:troposmodel:mesh osscope:neversion:7.9.1.1

Trust: 0.3

sources: CNVD: CNVD-2012-7431 // BID: 56890 // JVNDB: JVNDB-2012-005761 // CNNVD: CNNVD-201212-167 // NVD: CVE-2012-4898

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov: CVE-2012-4898
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2012-4898
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4898
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201212-167
value: MEDIUM

Trust: 0.6

VULHUB: VHN-58179
value: MEDIUM

Trust: 0.1

ics-cert@hq.dhs.gov: CVE-2012-4898
severity: MEDIUM
baseScore: 6.1
vectorString: AV:N/AC:H/AU:N/C:C/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.8

VULHUB: VHN-58179
severity: MEDIUM
baseScore: 6.1
vectorString: AV:N/AC:H/AU:N/C:C/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-58179 // JVNDB: JVNDB-2012-005761 // CNNVD: CNNVD-201212-167 // NVD: CVE-2012-4898 // NVD: CVE-2012-4898

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-58179 // JVNDB: JVNDB-2012-005761 // NVD: CVE-2012-4898

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201212-167

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201212-167

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-005761

PATCH
title:Top Pageurl:http://gridcom.tropos.com/landing_index.php
Trust: 0.8
title:Mesh OS patch with insufficient entropy vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/26486
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-7431 // 
            
            
            
            JVNDB: JVNDB-2012-005761

EXTERNAL IDS
db:NVDid:CVE-2012-4898
Trust: 3.4
db:ICS CERTid:ICSA-12-297-01
Trust: 3.4
db:BIDid:56890
Trust: 1.0
db:JVNDBid:JVNDB-2012-005761
Trust: 0.8
db:CNNVDid:CNNVD-201212-167
Trust: 0.7
db:CNVDid:CNVD-2012-7431
Trust: 0.6
db:VULHUBid:VHN-58179
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-7431 // 
            
            
            
            VULHUB: VHN-58179 // 
            
            
            
            BID: 56890 // 
            
            
            
            JVNDB: JVNDB-2012-005761 // 
            
            
            
            CNNVD: CNNVD-201212-167 // 
            
            
            
            NVD: CVE-2012-4898

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-12-297-01.pdf
Trust: 3.4
url:https://www.cisa.gov/news-events/ics-advisories/icsa-12-297-01
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4898
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4898
Trust: 0.8
url:http://www.securityfocus.com/bid/56890
Trust: 0.6
url:http://www.tropos.com/products/performance_mesh.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2012-7431 // 
            
            
            
            VULHUB: VHN-58179 // 
            
            
            
            BID: 56890 // 
            
            
            
            JVNDB: JVNDB-2012-005761 // 
            
            
            
            CNNVD: CNNVD-201212-167 // 
            
            
            
            NVD: CVE-2012-4898

CREDITS
Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman
Trust: 0.9
sources:
            
            
            BID: 56890 // 
            
            
            
            CNNVD: CNNVD-201212-167

SOURCES
db:CNVDid:CNVD-2012-7431
db:VULHUBid:VHN-58179
db:BIDid:56890
db:JVNDBid:JVNDB-2012-005761
db:CNNVDid:CNNVD-201212-167
db:NVDid:CVE-2012-4898

LAST UPDATE DATE
2025-07-10T23:04:36.246000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-7431date:2012-12-13T00:00:00
db:VULHUBid:VHN-58179date:2013-01-29T00:00:00
db:BIDid:56890date:2015-03-19T08:23:00
db:JVNDBid:JVNDB-2012-005761date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-201212-167date:2012-12-25T00:00:00
db:NVDid:CVE-2012-4898date:2025-07-09T17:15:29.767

SOURCES RELEASE DATE
db:CNVDid:CNVD-2012-7431date:2012-12-13T00:00:00
db:VULHUBid:VHN-58179date:2012-12-18T00:00:00
db:BIDid:56890date:2012-12-10T00:00:00
db:JVNDBid:JVNDB-2012-005761date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-201212-167date:2012-12-13T00:00:00
db:NVDid:CVE-2012-4898date:2012-12-18T12:30:05.920