| ID |
CVE-2015-2054
|
| Summary |
CRLF injection vulnerability in export.cfg in the web-based administrative console for Sierra Wireless AirCard 760S, 762S, and 763S allows remote attackers to inject arbitrary headers via CRLF sequences in the save parameter. <a href="http://cwe.mitre.org/data/definitions/93.html" target="_blank">CWE-93: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a> |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:h:sierra_wireless:sierra_wireless_aircard_760s:*:*:*:*:*:*:*:*
cpe:2.3:h:sierra_wireless:sierra_wireless_aircard_760s:*:*:*:*:*:*:*:*
-
cpe:2.3:h:sierra_wireless:sierra_wireless_aircard_762s:*:*:*:*:*:*:*:*
cpe:2.3:h:sierra_wireless:sierra_wireless_aircard_762s:*:*:*:*:*:*:*:*
-
cpe:2.3:h:sierra_wireless:sierra_wireless_aircard_763s:*:*:*:*:*:*:*:*
cpe:2.3:h:sierra_wireless:sierra_wireless_aircard_763s:*:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 4.3 (as of 30-11-2016 - 03:00) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
PARTIAL |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
| refmap
via4
|
| bid | 74875 | | fulldisc | 20150114 Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection |
|
| Last major update |
30-11-2016 - 03:00 |
| Published |
23-02-2015 - 17:59 |
| Last modified |
30-11-2016 - 03:00 |
