53 vulnerabilities by sierrawireless
VAR-201508-0602
Vulnerability from variot - Updated: 2024-04-19 22:52
Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session. ALEOS, the management software provided by Sierra Wireless that runs on AirLink gateway devices, has a problem with hard-coded credentials. In ALEOS version 4.3.4 and earlier, these root-privileged accounts are enabled by default and are accessible via telnet or ssh. In ALEOS versions 4.3.5 through 4.4.1, the hard-coded accounts are enabled by default, but remote access is disabled. CWE-259: Use of Hard-coded Password https://cwe.mitre.org/data/definitions/259.html A remote attacker could manipulate the affected device. Sierra Wireless ALEOS is prone to multiple privilege-escalation vulnerabilities. A remote attacker could exploit this vulnerability via an SSH or TELNET session to gain administrator access. The following devices are affected: AirLink ES, GX, LS. Note that this description cites CWE-259, whereas the record's problemtype_data lists CWE-200 and CWE-Other and its type field reads "information disclosure"; the structured classification does not match the hard-coded credential weakness described here.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0602",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aleos",
"scope": "lte",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.4.1"
},
{
"model": "airlink es440",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink es450",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink gx400",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink gx440",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink gx450",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink ls300",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "aleos",
"scope": "lte",
"trust": 0.8,
"vendor": "sierra",
"version": "4.4.1"
},
{
"model": "aleos",
"scope": "eq",
"trust": 0.6,
"vendor": "sierrawireless",
"version": "4.4.1"
},
{
"model": "wireless aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.1"
},
{
"model": "wireless aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.3.5"
},
{
"model": "wireless aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.3.4"
},
{
"model": "wireless airlink ls",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "0"
},
{
"model": "wireless airlink gx",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "0"
},
{
"model": "wireless airlink es",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "0"
},
{
"model": "wireless aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.2"
}
],
"sources": [
{
"db": "BID",
"id": "76264"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004031"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-047"
},
{
"db": "NVD",
"id": "CVE-2015-2897"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sierrawireless:aleos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.4.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_gx450:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es440:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_gx440:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_ls300:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2897"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "anonymous",
"sources": [
{
"db": "BID",
"id": "76264"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2897",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-2897",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-80858",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2897",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-047",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-80858",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80858"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004031"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-047"
},
{
"db": "NVD",
"id": "CVE-2015-2897"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session. Sierra Wireless Provided by AirLink Management software running on the gateway device ALEOS Has a problem with hard-coded credentials. ALEOS version 4.3.4 And earlier, these root Authorized accounts are enabled by default, telnet Or ssh It is accessible at. ALEOS version 4.3.5 From 4.4.1 By default, hard-coded accounts are enabled, but remote access is disabled. CWE-259: Use of Hard-coded Password https://cwe.mitre.org/data/definitions/259.htmlA remote attacker could manipulate the affected device. Sierra Wireless ALEOS is prone to multiple privilege-escalation vulnerabilities. A remote attacker could exploit this vulnerability via an SSH or TELNET session to gain administrator access. The following devices are affected: AirLink ES, GX, LS",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2897"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004031"
},
{
"db": "BID",
"id": "76264"
},
{
"db": "VULHUB",
"id": "VHN-80858"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#628568",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2015-2897",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVNVU95544994",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004031",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-047",
"trust": 0.7
},
{
"db": "BID",
"id": "76264",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-80858",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80858"
},
{
"db": "BID",
"id": "76264"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004031"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-047"
},
{
"db": "NVD",
"id": "CVE-2015-2897"
}
]
},
"id": "VAR-201508-0602",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-80858"
}
],
"trust": 0.89166665
},
"last_update_date": "2024-04-19T22:52:23.652000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ALEOS Application Framework",
"trust": 0.8,
"url": "http://source.sierrawireless.com/resources/airlink/aleos_af/aleos_af_home/"
},
{
"title": "ALEOS 4.4.2 Release Notes",
"trust": 0.8,
"url": "http://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,2-release-notes/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004031"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80858"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004031"
},
{
"db": "NVD",
"id": "CVE-2015-2897"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/628568"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2897"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu95544994"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2897"
},
{
"trust": 0.3,
"url": "http://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,2-release-notes/"
},
{
"trust": 0.3,
"url": "http://source.sierrawireless.com/resources/airlink/aleos_af/aleos_af_home/"
},
{
"trust": 0.3,
"url": "http://www.sierrawireless.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80858"
},
{
"db": "BID",
"id": "76264"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004031"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-047"
},
{
"db": "NVD",
"id": "CVE-2015-2897"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-80858"
},
{
"db": "BID",
"id": "76264"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004031"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-047"
},
{
"db": "NVD",
"id": "CVE-2015-2897"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-80858"
},
{
"date": "2015-08-07T00:00:00",
"db": "BID",
"id": "76264"
},
{
"date": "2015-08-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004031"
},
{
"date": "2015-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-047"
},
{
"date": "2015-08-08T01:59:00.113000",
"db": "NVD",
"id": "CVE-2015-2897"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "VULHUB",
"id": "VHN-80858"
},
{
"date": "2015-08-07T00:00:00",
"db": "BID",
"id": "76264"
},
{
"date": "2015-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004031"
},
{
"date": "2015-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-047"
},
{
"date": "2015-08-11T18:10:12.353000",
"db": "NVD",
"id": "CVE-2015-2897"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-047"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ALEOS Use Sierra Wireless Multiple devices use hard-coded passwords",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004031"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-047"
}
],
"trust": 0.6
}
}
VAR-201704-0139
Vulnerability from variot - Updated: 2024-02-13 22:52
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. The ALEOS firmware on Sierra Wireless GX 440 devices has an authentication vulnerability. An attacker may be able to obtain information, alter information, or disrupt service operation (DoS). The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. An authentication vulnerability exists in Sierra Wireless GX440 devices using version 4.3.2 of the ALEOS firmware, caused by the program not requiring authentication for Embedded_Ace_Get_Task.cgi requests. An attacker could exploit this vulnerability to gain root/shell access.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0139",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aleos",
"scope": "eq",
"trust": 1.6,
"vendor": "sierrawireless",
"version": "4.3.2"
},
{
"model": "aleos",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4.3.2"
},
{
"model": "wireless gx",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4404.3.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16018"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008300"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-507"
},
{
"db": "NVD",
"id": "CVE-2016-5068"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:aleos_firmware:4.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx_440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5068"
}
]
},
"cve": "CVE-2016-5068",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-5068",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-16018",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-93887",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5068",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5068",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-16018",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-507",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-93887",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-5068",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16018"
},
{
"db": "VULHUB",
"id": "VHN-93887"
},
{
"db": "VULMON",
"id": "CVE-2016-5068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008300"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-507"
},
{
"db": "NVD",
"id": "CVE-2016-5068"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. Sierra Wireless GX 440 Device ALEOS There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. A verification problem vulnerability exists in the SierraWirelessGX440 device using version 4.3.2 ALEOS firmware, which was caused by the program not requesting authentication for Embedded_Ace_Get_Task.cgi. An attacker could exploit this vulnerability to gain root/shell access",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008300"
},
{
"db": "CNVD",
"id": "CNVD-2017-16018"
},
{
"db": "VULHUB",
"id": "VHN-93887"
},
{
"db": "VULMON",
"id": "CVE-2016-5068"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5068",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008300",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-507",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-16018",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93887",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5068",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16018"
},
{
"db": "VULHUB",
"id": "VHN-93887"
},
{
"db": "VULMON",
"id": "CVE-2016-5068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008300"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-507"
},
{
"db": "NVD",
"id": "CVE-2016-5068"
}
]
},
"id": "VAR-201704-0139",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16018"
},
{
"db": "VULHUB",
"id": "VHN-93887"
}
],
"trust": 1.5333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16018"
}
]
},
"last_update_date": "2024-02-13T22:52:39.916000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Getting started with AirLink Intelligent Gateways",
"trust": 0.8,
"url": "https://source.sierrawireless.com/airvantage/avc/howto/hardware/airlink_getting_started/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008300"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93887"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008300"
},
{
"db": "NVD",
"id": "CVE-2016-5068"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://carvesystems.com/sierra-wireless-2016-advisory.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5068"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5068"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16018"
},
{
"db": "VULHUB",
"id": "VHN-93887"
},
{
"db": "VULMON",
"id": "CVE-2016-5068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008300"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-507"
},
{
"db": "NVD",
"id": "CVE-2016-5068"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-16018"
},
{
"db": "VULHUB",
"id": "VHN-93887"
},
{
"db": "VULMON",
"id": "CVE-2016-5068"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008300"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-507"
},
{
"db": "NVD",
"id": "CVE-2016-5068"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-16018"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-93887"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5068"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008300"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-507"
},
{
"date": "2017-04-10T03:59:01.653000",
"db": "NVD",
"id": "CVE-2016-5068"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-16018"
},
{
"date": "2017-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-93887"
},
{
"date": "2017-04-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5068"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008300"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-507"
},
{
"date": "2017-04-14T15:47:09.777000",
"db": "NVD",
"id": "CVE-2016-5068"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-507"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless GX 440 Device ALEOS Firmware authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008300"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-507"
}
],
"trust": 0.6
}
}
VAR-201910-1514
Vulnerability from variot - Updated: 2023-12-18 14:00
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability. The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. An unauthorized password modification vulnerability exists in the ACEManager upload.cgi feature of the Sierra Wireless AirLink ES450 using version 4.9.3 of the firmware.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1514",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlink es450",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "airlink es450",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es450",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13238"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016146"
},
{
"db": "NVD",
"id": "CVE-2018-4064"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4064"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Carl Hurd of Cisco Talos.,Carl Hurd of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1199"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4064",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-4064",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-13238",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-4064",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4064",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-13238",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1199",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13238"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016146"
},
{
"db": "NVD",
"id": "CVE-2018-4064"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1199"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability. The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. An unauthorized password modification vulnerability exists in the ACEManager upload.cgi feature of the Sierra Wireless AirLink ES450 running firmware version 4.9.3",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4064"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016146"
},
{
"db": "CNVD",
"id": "CNVD-2019-13238"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4064",
"trust": 3.0
},
{
"db": "TALOS",
"id": "TALOS-2018-0749",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016146",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-13238",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152649",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1199",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13238"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016146"
},
{
"db": "NVD",
"id": "CVE-2018-4064"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1199"
}
]
},
"id": "VAR-201910-1514",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13238"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13238"
}
]
},
"last_update_date": "2023-12-18T14:00:47.096000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink ES450",
"trust": 0.8,
"url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
},
{
"title": "SierraWirelessAirLinkES450 Unauthorized Password Modification Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/160403"
},
{
"title": "Sierra Wireless AirLink ES450 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92013"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13238"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016146"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1199"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016146"
},
{
"db": "NVD",
"id": "CVE-2018-4064"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0749"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4064"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0749"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4064"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152649/sierra-wireless-airlink-es450-acemanager-upload.cgi-unverified-password-change.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13238"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016146"
},
{
"db": "NVD",
"id": "CVE-2018-4064"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1199"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-13238"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016146"
},
{
"db": "NVD",
"id": "CVE-2018-4064"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1199"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13238"
},
{
"date": "2019-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016146"
},
{
"date": "2019-10-31T21:15:12.417000",
"db": "NVD",
"id": "CVE-2018-4064"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1199"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13238"
},
{
"date": "2019-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016146"
},
{
"date": "2019-11-06T16:23:08.977000",
"db": "NVD",
"id": "CVE-2018-4064"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1199"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1199"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink ES450 FW Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016146"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1199"
}
],
"trust": 0.6
}
}
VAR-201704-0140
Vulnerability from variot - Updated: 2023-12-18 13:57
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. The ALEOS firmware on Sierra Wireless GX 440 devices contains a session expiration vulnerability. An attacker may obtain information, alter information, or disrupt service operation (DoS). The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. A security vulnerability exists in Sierra Wireless GX440 devices using version 4.3.2 of the ALEOS firmware. An attacker could exploit the vulnerability to access a management web application.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0140",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aleos",
"scope": "eq",
"trust": 1.6,
"vendor": "sierrawireless",
"version": "4.3.2"
},
{
"model": "aleos",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4.3.2"
},
{
"model": "wireless gx",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4404.3.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16017"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008301"
},
{
"db": "NVD",
"id": "CVE-2016-5069"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-506"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:aleos_firmware:4.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx_440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5069"
}
]
},
"cve": "CVE-2016-5069",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-5069",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-16017",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-93888",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5069",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5069",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-16017",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-506",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-93888",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16017"
},
{
"db": "VULHUB",
"id": "VHN-93888"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008301"
},
{
"db": "NVD",
"id": "CVE-2016-5069"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-506"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. The ALEOS firmware on Sierra Wireless GX 440 devices contains a session expiration vulnerability. An attacker may obtain information, alter information, or disrupt service operation (DoS). The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. A security vulnerability exists in Sierra Wireless GX440 devices using version 4.3.2 of the ALEOS firmware. An attacker could exploit the vulnerability to access a management web application",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5069"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008301"
},
{
"db": "CNVD",
"id": "CNVD-2017-16017"
},
{
"db": "VULHUB",
"id": "VHN-93888"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5069",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008301",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-506",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-16017",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93888",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16017"
},
{
"db": "VULHUB",
"id": "VHN-93888"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008301"
},
{
"db": "NVD",
"id": "CVE-2016-5069"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-506"
}
]
},
"id": "VAR-201704-0140",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16017"
},
{
"db": "VULHUB",
"id": "VHN-93888"
}
],
"trust": 1.5333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16017"
}
]
},
"last_update_date": "2023-12-18T13:57:26.378000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Getting started with AirLink Intelligent Gateways",
"trust": 0.8,
"url": "https://source.sierrawireless.com/airvantage/avc/howto/hardware/airlink_getting_started/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008301"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-613",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93888"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008301"
},
{
"db": "NVD",
"id": "CVE-2016-5069"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://carvesystems.com/sierra-wireless-2016-advisory.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5069"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5069"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16017"
},
{
"db": "VULHUB",
"id": "VHN-93888"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008301"
},
{
"db": "NVD",
"id": "CVE-2016-5069"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-506"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-16017"
},
{
"db": "VULHUB",
"id": "VHN-93888"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008301"
},
{
"db": "NVD",
"id": "CVE-2016-5069"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-506"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-16017"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-93888"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008301"
},
{
"date": "2017-04-10T03:59:01.687000",
"db": "NVD",
"id": "CVE-2016-5069"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-506"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-16017"
},
{
"date": "2017-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-93888"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008301"
},
{
"date": "2017-04-14T15:46:48.980000",
"db": "NVD",
"id": "CVE-2016-5069"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-506"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-506"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless GX 440 Device ALEOS Firmware session expiration vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008301"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-506"
}
],
"trust": 0.6
}
}
VAR-201704-0136
Vulnerability from variot - Updated: 2023-12-18 13:53
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The Sierra Wireless GX440 has a command injection vulnerability that remote attackers can exploit by submitting special requests to execute arbitrary commands. An attacker could exploit this vulnerability to inject commands.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0136",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aleos",
"scope": "eq",
"trust": 1.6,
"vendor": "sierrawireless",
"version": "4.3.2"
},
{
"model": "aleos",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4.3.2"
},
{
"model": "wireless gx440",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.3.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10181"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008297"
},
{
"db": "NVD",
"id": "CVE-2016-5065"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-510"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:aleos_firmware:4.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx_440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5065"
}
]
},
"cve": "CVE-2016-5065",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-5065",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-10181",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-93884",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5065",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5065",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-10181",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-510",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-93884",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10181"
},
{
"db": "VULHUB",
"id": "VHN-93884"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008297"
},
{
"db": "NVD",
"id": "CVE-2016-5065"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-510"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The SierraWirelessGX440 has a command injection vulnerability that can be exploited by remote attackers to submit special requests and execute arbitrary commands. An attacker could exploit this vulnerability to inject commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5065"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008297"
},
{
"db": "CNVD",
"id": "CNVD-2017-10181"
},
{
"db": "VULHUB",
"id": "VHN-93884"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5065",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008297",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-510",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-10181",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93884",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10181"
},
{
"db": "VULHUB",
"id": "VHN-93884"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008297"
},
{
"db": "NVD",
"id": "CVE-2016-5065"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-510"
}
]
},
"id": "VAR-201704-0136",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10181"
},
{
"db": "VULHUB",
"id": "VHN-93884"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10181"
}
]
},
"last_update_date": "2023-12-18T13:53:04.424000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Getting started with AirLink Intelligent Gateways",
"trust": 0.8,
"url": "https://source.sierrawireless.com/airvantage/avc/howto/hardware/airlink_getting_started/"
},
{
"title": "Patch for SierraWirelessGX440 Command Injection Vulnerability (CNVD-2017-10181)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/95712"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10181"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008297"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93884"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008297"
},
{
"db": "NVD",
"id": "CVE-2016-5065"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://carvesystems.com/sierra-wireless-2016-advisory.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5065"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5065"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10181"
},
{
"db": "VULHUB",
"id": "VHN-93884"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008297"
},
{
"db": "NVD",
"id": "CVE-2016-5065"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-510"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-10181"
},
{
"db": "VULHUB",
"id": "VHN-93884"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008297"
},
{
"db": "NVD",
"id": "CVE-2016-5065"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-510"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10181"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-93884"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008297"
},
{
"date": "2017-04-10T03:59:01.577000",
"db": "NVD",
"id": "CVE-2016-5065"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-510"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10181"
},
{
"date": "2017-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-93884"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008297"
},
{
"date": "2017-04-14T15:40:33.313000",
"db": "NVD",
"id": "CVE-2016-5065"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-510"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-510"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless GX 440 Device ALEOS Firmware command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008297"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-510"
}
],
"trust": 0.6
}
}
VAR-201805-0371
Vulnerability from variot - Updated: 2023-12-18 13:52
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The firmware of multiple Sierra Wireless routers contains vulnerabilities related to authorization, privileges, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The Sierra Wireless AirLink GX400 and the other listed devices are router products of Sierra Wireless, Canada. There are security holes in several Sierra Wireless products. Sierra Wireless AirLink GX400 and related models are router products of the Canadian company Sierra Wireless. The following products and versions are affected: Sierra Wireless AirLink GX400 with firmware prior to 4.4.7; Sierra Wireless AirLink GX440 with firmware prior to 4.4.7; Sierra Wireless AirLink ES440 with firmware prior to 4.4.7; Sierra Wireless AirLink LS300 with firmware prior to 4.9.3; Sierra Wireless AirLink GX450 with firmware prior to 4.9.3; Sierra Wireless AirLink ES450 with firmware prior to 4.9.3; Sierra Wireless AirLink RV50 with firmware prior to 4.9.3; Sierra Wireless AirLink RV50X with firmware prior to 4.9.3; Sierra Wireless AirLink MP70 with firmware prior to 4.9.3; Sierra Wireless AirLink MP70E with firmware prior to 4.9.3.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0371",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aleos",
"scope": "lt",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "aleos",
"scope": "lt",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.4.7"
},
{
"model": "airlink es440",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.4.7"
},
{
"model": "airlink es450",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "airlink gx400",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.4.7"
},
{
"model": "airlink gx440",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.4.7"
},
{
"model": "airlink gx450",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "airlink ls300",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.4.7"
},
{
"model": "airlink mp70",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "airlink mp70e",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "airlink rv50",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "airlink rv50x",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es440",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.4.7"
},
{
"model": "wireless airlink ls300",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.4.7"
},
{
"model": "wireless airlink gx450",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es450",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink rv50",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink rv50x",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink mp70",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink mp70e",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink gx400",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.4.7"
},
{
"model": "wireless airlink gx440",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.4.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09151"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004909"
},
{
"db": "NVD",
"id": "CVE-2018-10251"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:ls300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:es440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:rv50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:mp70e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10251"
}
]
},
"cve": "CVE-2018-10251",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-10251",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-09151",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-119992",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10251",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10251",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-09151",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-163",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-119992",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-10251",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09151"
},
{
"db": "VULHUB",
"id": "VHN-119992"
},
{
"db": "VULMON",
"id": "CVE-2018-10251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004909"
},
{
"db": "NVD",
"id": "CVE-2018-10251"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-163"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. plural Sierra Wireless Router firmware contains vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SierraWirelessAirLinkGX400 and others are router products of SierraWireless Canada. There are security holes in several SierraWireless products. Sierra Wireless AirLink GX400 and so on are the router products of Canadian Sierra Wireless company. The following products and versions are affected: Sierra Wireless AirLink GX400 with firmware prior to 4.4.7; Sierra Wireless AirLink GX440 with firmware prior to 4.4.7; Sierra Wireless AirLink ES440 with firmware prior to 4.4.7; Sierra Wireless AirLink LS300 with firmware prior to 4.9.3; Sierra Wireless AirLink GX450 with firmware prior to 4.9.3; Sierra Wireless AirLink ES450 with firmware prior to 4.9.3; Sierra Wireless AirLink RV50 with firmware prior to 4.9.3; Sierra Wireless AirLink RV50X with firmware prior to .3; Sierra Wireless AirLink MP70 with firmware prior to 4.9.3; Sierra Wireless AirLink MP70E with firmware prior to 4.9.3",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004909"
},
{
"db": "CNVD",
"id": "CNVD-2018-09151"
},
{
"db": "VULHUB",
"id": "VHN-119992"
},
{
"db": "VULMON",
"id": "CVE-2018-10251"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10251",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004909",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-09151",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-163",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-119992",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-10251",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09151"
},
{
"db": "VULHUB",
"id": "VHN-119992"
},
{
"db": "VULMON",
"id": "CVE-2018-10251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004909"
},
{
"db": "NVD",
"id": "CVE-2018-10251"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-163"
}
]
},
"id": "VAR-201805-0371",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09151"
},
{
"db": "VULHUB",
"id": "VHN-119992"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09151"
}
]
},
"last_update_date": "2023-12-18T13:52:41.549000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SWI-PSA-2018-005:CVE-2018-10251: Remote Code ExecutionVulnerability",
"trust": 0.8,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---cve-2018-10251/"
},
{
"title": "Patch for a number of SierraWireless product arbitrary code execution vulnerabilities (CNVD-2018-09151)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/128525"
},
{
"title": "Multiple Sierra Wireless Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79875"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/sierra-wireless-patches-critical-vulns-in-hundreds-of-thousands-of-wireless-routers/131804/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09151"
},
{
"db": "VULMON",
"id": "CVE-2018-10251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004909"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-163"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.1
},
{
"problemtype": "CWE-1188",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-119992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004909"
},
{
"db": "NVD",
"id": "CVE-2018-10251"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---cve-2018-10251/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10251"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10251"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/1188.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/862.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/sierra-wireless-patches-critical-vulns-in-hundreds-of-thousands-of-wireless-routers/131804/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09151"
},
{
"db": "VULHUB",
"id": "VHN-119992"
},
{
"db": "VULMON",
"id": "CVE-2018-10251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004909"
},
{
"db": "NVD",
"id": "CVE-2018-10251"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-163"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-09151"
},
{
"db": "VULHUB",
"id": "VHN-119992"
},
{
"db": "VULMON",
"id": "CVE-2018-10251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004909"
},
{
"db": "NVD",
"id": "CVE-2018-10251"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-163"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09151"
},
{
"date": "2018-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-119992"
},
{
"date": "2018-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10251"
},
{
"date": "2018-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004909"
},
{
"date": "2018-05-04T20:29:00.517000",
"db": "NVD",
"id": "CVE-2018-10251"
},
{
"date": "2018-05-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-163"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09151"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-119992"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10251"
},
{
"date": "2018-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004909"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-10251"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-163"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-163"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Sierra Wireless Vulnerabilities related to authorization, authority, and access control in firmware of routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004909"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-163"
}
],
"trust": 0.6
}
}
VAR-201905-0857
Vulnerability from variot - Updated: 2023-12-18 13:38
An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. An HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this vulnerability. The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. Unauthorized attackers can exploit the vulnerability to obtain sensitive information about the affected component. This vulnerability stems from configuration errors in network systems or products during operation.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0857",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlink es450",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "airlink es450",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es450",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13240"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015381"
},
{
"db": "NVD",
"id": "CVE-2018-4068"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4068"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Carl Hurd of Cisco Talos.,Carl Hurd of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1205"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4068",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-4068",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-13240",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-134099",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-4068",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4068",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-13240",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1205",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-134099",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13240"
},
{
"db": "VULHUB",
"id": "VHN-134099"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015381"
},
{
"db": "NVD",
"id": "CVE-2018-4068"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. Unauthorized attackers can exploit the vulnerability to obtain sensitive information about the affected component. This vulnerability stems from configuration errors in network systems or products during operation",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4068"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015381"
},
{
"db": "CNVD",
"id": "CNVD-2019-13240"
},
{
"db": "VULHUB",
"id": "VHN-134099"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-134099",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134099"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4068",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2018-0753",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015381",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1205",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "152653",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-13240",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-134099",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13240"
},
{
"db": "VULHUB",
"id": "VHN-134099"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015381"
},
{
"db": "NVD",
"id": "CVE-2018-4068"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1205"
}
]
},
"id": "VAR-201905-0857",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13240"
},
{
"db": "VULHUB",
"id": "VHN-134099"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13240"
}
]
},
"last_update_date": "2023-12-18T13:38:16.884000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink ES450",
"trust": 0.8,
"url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
},
{
"title": "Patch for SierraWirelessAirLinkES450 Information Disclosure Vulnerability (CNVD-2019-13240)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/160413"
},
{
"title": "Sierra Wireless AirLink ES450 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92019"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13240"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015381"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1205"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134099"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015381"
},
{
"db": "NVD",
"id": "CVE-2018-4068"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0753"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4068"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0753"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4068"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152653/sierra-wireless-airlink-es450-acemanager-information-disclosure.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13240"
},
{
"db": "VULHUB",
"id": "VHN-134099"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015381"
},
{
"db": "NVD",
"id": "CVE-2018-4068"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-13240"
},
{
"db": "VULHUB",
"id": "VHN-134099"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015381"
},
{
"db": "NVD",
"id": "CVE-2018-4068"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13240"
},
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-134099"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015381"
},
{
"date": "2019-05-06T18:29:00.413000",
"db": "NVD",
"id": "CVE-2018-4068"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13240"
},
{
"date": "2019-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-134099"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015381"
},
{
"date": "2019-05-07T18:08:29.957000",
"db": "NVD",
"id": "CVE-2018-4068"
},
{
"date": "2019-05-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1205"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink ES450 Information disclosure vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015381"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1205"
}
],
"trust": 0.6
}
}
VAR-201704-0138
Vulnerability from variot - Updated: 2023-12-18 13:24
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The Sierra Wireless GX440 has a command injection vulnerability that remote attackers can exploit by submitting specially crafted requests to execute arbitrary commands.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0138",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aleos",
"scope": "eq",
"trust": 1.6,
"vendor": "sierrawireless",
"version": "4.3.2"
},
{
"model": "aleos",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4.3.2"
},
{
"model": "wireless gx440",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.3.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10179"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008299"
},
{
"db": "NVD",
"id": "CVE-2016-5067"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-508"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:aleos_firmware:4.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx_440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5067"
}
]
},
"cve": "CVE-2016-5067",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-5067",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-10179",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-93886",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5067",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5067",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-10179",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-508",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-93886",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10179"
},
{
"db": "VULHUB",
"id": "VHN-93886"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008299"
},
{
"db": "NVD",
"id": "CVE-2016-5067"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-508"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The SierraWirelessGX440 has a command injection vulnerability that can be exploited by remote attackers to submit special requests and execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5067"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008299"
},
{
"db": "CNVD",
"id": "CNVD-2017-10179"
},
{
"db": "VULHUB",
"id": "VHN-93886"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5067",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008299",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-508",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-10179",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93886",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10179"
},
{
"db": "VULHUB",
"id": "VHN-93886"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008299"
},
{
"db": "NVD",
"id": "CVE-2016-5067"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-508"
}
]
},
"id": "VAR-201704-0138",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10179"
},
{
"db": "VULHUB",
"id": "VHN-93886"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10179"
}
]
},
"last_update_date": "2023-12-18T13:24:29.852000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Getting started with AirLink Intelligent Gateways",
"trust": 0.8,
"url": "https://source.sierrawireless.com/airvantage/avc/howto/hardware/airlink_getting_started/"
},
{
"title": "Patch for the SierraWirelessGX440 command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/95710"
},
{
"title": "Sierra Wireless GX440 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70153"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10179"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008299"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-508"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93886"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008299"
},
{
"db": "NVD",
"id": "CVE-2016-5067"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://carvesystems.com/sierra-wireless-2016-advisory.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5067"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5067"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10179"
},
{
"db": "VULHUB",
"id": "VHN-93886"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008299"
},
{
"db": "NVD",
"id": "CVE-2016-5067"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-508"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-10179"
},
{
"db": "VULHUB",
"id": "VHN-93886"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008299"
},
{
"db": "NVD",
"id": "CVE-2016-5067"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-508"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10179"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-93886"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008299"
},
{
"date": "2017-04-10T03:59:01.623000",
"db": "NVD",
"id": "CVE-2016-5067"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-508"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10179"
},
{
"date": "2017-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-93886"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008299"
},
{
"date": "2017-04-14T15:47:26.963000",
"db": "NVD",
"id": "CVE-2016-5067"
},
{
"date": "2017-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-508"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-508"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless GX440 Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10179"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-508"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-508"
}
],
"trust": 0.6
}
}
VAR-201905-0859
Vulnerability from variot - Updated: 2023-12-18 13:23
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Get_Task.cgi endpoint. The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0859",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlink es450",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "airlink es450",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "fw 4.9.3"
},
{
"model": "wireless airlink es450",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13408"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015387"
},
{
"db": "NVD",
"id": "CVE-2018-4070"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4070"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carl Hurd and Jared Rittle of Cisco Talos.,Discovered by Carl Hurd and Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1195"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4070",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-4070",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-13408",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-134101",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-4070",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4070",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-13408",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1195",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134101",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13408"
},
{
"db": "VULHUB",
"id": "VHN-134101"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015387"
},
{
"db": "NVD",
"id": "CVE-2018-4070"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1195"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Get_Task.cgi endpoint. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4070"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015387"
},
{
"db": "CNVD",
"id": "CNVD-2019-13408"
},
{
"db": "VULHUB",
"id": "VHN-134101"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-134101",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134101"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2018-0755",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2018-4070",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015387",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152655",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1195",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-13408",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-134101",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13408"
},
{
"db": "VULHUB",
"id": "VHN-134101"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015387"
},
{
"db": "NVD",
"id": "CVE-2018-4070"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1195"
}
]
},
"id": "VAR-201905-0859",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13408"
},
{
"db": "VULHUB",
"id": "VHN-134101"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13408"
}
]
},
"last_update_date": "2023-12-18T13:23:45.216000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink ES450: LTE Enterprise Gateway",
"trust": 0.8,
"url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
},
{
"title": "Patch for SierraWirelessAirLinkES450 Information Disclosure Vulnerability (CNVD-2019-13408)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/160595"
},
{
"title": "Sierra Wireless AirLink ES450 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92011"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13408"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015387"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1195"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134101"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015387"
},
{
"db": "NVD",
"id": "CVE-2018-4070"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0755"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4070"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0755"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4070"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152655/sierra-wireless-airlink-es450-acemanager-embedded/ace/get/task.cgi-information-disclosure.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13408"
},
{
"db": "VULHUB",
"id": "VHN-134101"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015387"
},
{
"db": "NVD",
"id": "CVE-2018-4070"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1195"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-13408"
},
{
"db": "VULHUB",
"id": "VHN-134101"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015387"
},
{
"db": "NVD",
"id": "CVE-2018-4070"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1195"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13408"
},
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-134101"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015387"
},
{
"date": "2019-05-06T19:29:00.903000",
"db": "NVD",
"id": "CVE-2018-4070"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1195"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13408"
},
{
"date": "2019-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-134101"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015387"
},
{
"date": "2019-05-07T15:49:39.087000",
"db": "NVD",
"id": "CVE-2018-4070"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1195"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1195"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink ES450 FW Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015387"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1195"
}
],
"trust": 0.6
}
}
VAR-201905-0860
Vulnerability from variot - Updated: 2023-12-18 13:23
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceTLGet_Task.cgi executable is used to retrieve MSCII configuration values within the configuration manager of the AirLink ES450. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_TLGet_Task.cgi endpoint. The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component. [Note: the CVSS vectors recorded for this entry (Au:S in v2, PR:L in v3) indicate that exploitation requires an authenticated, low-privileged session, consistent with "any authenticated user" above.]
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0860",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlink es450",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "airlink es450",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es450",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13407"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015402"
},
{
"db": "NVD",
"id": "CVE-2018-4071"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4071"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carl Hurd and Jared Rittle of Cisco Talos.,Discovered by Carl Hurd and Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1192"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4071",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-4071",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-13407",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-134102",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-4071",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4071",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-13407",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1192",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134102",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13407"
},
{
"db": "VULHUB",
"id": "VHN-134102"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015402"
},
{
"db": "NVD",
"id": "CVE-2018-4071"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1192"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceTLGet_Task.cgi executable is used to retrieve MSCII configuration values within the configuration manager of the AirLink ES450. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_TLGet_Task.cgi endpoint. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component. :",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4071"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015402"
},
{
"db": "CNVD",
"id": "CNVD-2019-13407"
},
{
"db": "VULHUB",
"id": "VHN-134102"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4071",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2018-0755",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015402",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1192",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-13407",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152655",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-134102",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13407"
},
{
"db": "VULHUB",
"id": "VHN-134102"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015402"
},
{
"db": "NVD",
"id": "CVE-2018-4071"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1192"
}
]
},
"id": "VAR-201905-0860",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13407"
},
{
"db": "VULHUB",
"id": "VHN-134102"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13407"
}
]
},
"last_update_date": "2023-12-18T13:23:45.187000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink ES450",
"trust": 0.8,
"url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
},
{
"title": "Patch for SierraWirelessAirLinkES450 Information Disclosure Vulnerability (CNVD-2019-13407)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/160593"
},
{
"title": "Sierra Wireless AirLink ES450 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92009"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13407"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015402"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1192"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134102"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015402"
},
{
"db": "NVD",
"id": "CVE-2018-4071"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0755"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4071"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0755"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4071"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152655/sierra-wireless-airlink-es450-acemanager-embedded/ace/get/task.cgi-information-disclosure.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13407"
},
{
"db": "VULHUB",
"id": "VHN-134102"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015402"
},
{
"db": "NVD",
"id": "CVE-2018-4071"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1192"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-13407"
},
{
"db": "VULHUB",
"id": "VHN-134102"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015402"
},
{
"db": "NVD",
"id": "CVE-2018-4071"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1192"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13407"
},
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-134102"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015402"
},
{
"date": "2019-05-06T19:29:00.950000",
"db": "NVD",
"id": "CVE-2018-4071"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1192"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13407"
},
{
"date": "2019-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-134102"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015402"
},
{
"date": "2019-05-08T13:28:17.063000",
"db": "NVD",
"id": "CVE-2018-4071"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1192"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1192"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink ES450 Information disclosure vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015402"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1192"
}
],
"trust": 0.6
}
}
VAR-201708-1444
Vulnerability from variot - Updated: 2023-12-18 13:19
Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allow local users to launch processes with elevated privileges. The Lenovo IdeaPad Miix 510-12ISK and others are Lenovo notebook products. The Sierra Wireless WAN driver is one of the wireless drivers from Sierra Wireless, Canada. A local attacker could exploit the unquoted service path to execute a file with administrator privileges. The following products are affected: Lenovo IdeaPad Miix 510-12ISK; IdeaPad Miix 510-12IKB; ThinkPad L450; ThinkPad L460 Larue-2; ThinkPad L560; ThinkPad P40; ThinkPad P50; ThinkPad P50s, etc.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1444",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sierra wireless location sensor driver",
"scope": "eq",
"trust": 1.6,
"vendor": "sierrawireless",
"version": null
},
{
"model": "sierra wireless em7345 software",
"scope": "eq",
"trust": 1.6,
"vendor": "sierrawireless",
"version": null
},
{
"model": "sierra wireless em7455 software",
"scope": "eq",
"trust": 1.6,
"vendor": "sierrawireless",
"version": null
},
{
"model": "wireless em7345 software",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "wireless em7455 software",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "wireless location sensor driver",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "ideapad miix 510-12isk",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad miix 510-12ikb",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l450",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l460 larue-2",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l560",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p40",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50s",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p51s kbl",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p51s skl",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24535"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007270"
},
{
"db": "NVD",
"id": "CVE-2017-9247"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-650"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sierrawireless:sierra_wireless_em7455_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sierrawireless:sierra_wireless_em7345_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sierrawireless:sierra_wireless_location_sensor_driver:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9247"
}
]
},
"cve": "CVE-2017-9247",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9247",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-24535",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-117450",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9247",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9247",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-24535",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-650",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-117450",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24535"
},
{
"db": "VULHUB",
"id": "VHN-117450"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007270"
},
{
"db": "NVD",
"id": "CVE-2017-9247"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-650"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID \u003c 4657 allows local users to launch processes with elevated privileges. LenovoIdeaPadMiix510-12ISK and other are Lenovo\u0027s notebook products. SierraWirelessWANdriver is one of the wireless drivers for Sierra Wireless, Canada. A local attacker could exploit the vulnerability with an unreferenced service path to execute the file with administrator privileges. Lenovo IdeaPadMiix 510-12ISK, etc. The following products are affected: Lenovo IdeaPadMiix 510-12ISK; IdeaPadMiix 510-12IKB; ThinkPad L450; ThinkPad L460 Larue-2; ThinkPad L560; ThinkPad P40; ThinkPad P50; ThinkPad P50s;",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9247"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007270"
},
{
"db": "CNVD",
"id": "CNVD-2017-24535"
},
{
"db": "VULHUB",
"id": "VHN-117450"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9247",
"trust": 3.1
},
{
"db": "LENOVO",
"id": "LEN-12739",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007270",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-650",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-24535",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-117450",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24535"
},
{
"db": "VULHUB",
"id": "VHN-117450"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007270"
},
{
"db": "NVD",
"id": "CVE-2017-9247"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-650"
}
]
},
"id": "VAR-201708-1444",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24535"
},
{
"db": "VULHUB",
"id": "VHN-117450"
}
],
"trust": 1.5829365071428572
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24535"
}
]
},
"last_update_date": "2023-12-18T13:19:25.200000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-9247: Unquoted Service Path Vulnerabilities",
"trust": 0.8,
"url": "https://source.sierrawireless.com/resources/airprime/software/cve-2017-9247-unquoted-service-path-vulnerabilities/"
},
{
"title": "LEN-12739",
"trust": 0.8,
"url": "https://support.lenovo.com/cr/ja/product_security/len-12739"
},
{
"title": "Patches for a variety of Lenovo products SierraWirelessWAN driver privilege escalation vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/101457"
},
{
"title": "Multiple Lenovo product Sierra Wireless WAN Fixes for driver permission and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71749"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24535"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007270"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-650"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-428",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117450"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007270"
},
{
"db": "NVD",
"id": "CVE-2017-9247"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://source.sierrawireless.com/resources/airprime/software/cve-2017-9247-unquoted-service-path-vulnerabilities/"
},
{
"trust": 1.2,
"url": "https://support.lenovo.com/us/zh/product_security/len-12739"
},
{
"trust": 1.1,
"url": "http://support.lenovo.com/us/en/product_security/len-12739"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9247"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9247"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24535"
},
{
"db": "VULHUB",
"id": "VHN-117450"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007270"
},
{
"db": "NVD",
"id": "CVE-2017-9247"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-650"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-24535"
},
{
"db": "VULHUB",
"id": "VHN-117450"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007270"
},
{
"db": "NVD",
"id": "CVE-2017-9247"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-650"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24535"
},
{
"date": "2017-08-02T00:00:00",
"db": "VULHUB",
"id": "VHN-117450"
},
{
"date": "2017-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007270"
},
{
"date": "2017-08-02T19:29:01.007000",
"db": "NVD",
"id": "CVE-2017-9247"
},
{
"date": "2017-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-650"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24535"
},
{
"date": "2017-08-25T00:00:00",
"db": "VULHUB",
"id": "VHN-117450"
},
{
"date": "2017-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007270"
},
{
"date": "2017-08-25T11:43:55.450000",
"db": "NVD",
"id": "CVE-2017-9247"
},
{
"date": "2017-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-650"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-650"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless Windows Mobile Broadband Driver Package Vulnerabilities related to unquoted search paths or elements",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007270"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-650"
}
],
"trust": 0.6
}
}
VAR-201704-0137
Vulnerability from variot - Updated: 2023-12-18 13:14
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. The ALEOS firmware on Sierra Wireless GX 440 devices contains a vulnerability related to the management of certificates and passwords. Information could be obtained or tampered with, and a denial-of-service (DoS) attack could be carried out. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The Sierra Wireless GX440 has a weak password vulnerability that remote attackers can exploit by submitting special requests to recover passwords.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0137",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aleos",
"scope": "eq",
"trust": 1.6,
"vendor": "sierrawireless",
"version": "4.3.2"
},
{
"model": "aleos",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4.3.2"
},
{
"model": "wireless gx440",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.3.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10180"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008298"
},
{
"db": "NVD",
"id": "CVE-2016-5066"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-509"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:aleos_firmware:4.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx_440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5066"
}
]
},
"cve": "CVE-2016-5066",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-5066",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-10180",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-93885",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5066",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5066",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-10180",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-509",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-93885",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10180"
},
{
"db": "VULHUB",
"id": "VHN-93885"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008298"
},
{
"db": "NVD",
"id": "CVE-2016-5066"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-509"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. Sierra Wireless GX 440 Device ALEOS The firmware contains a vulnerability related to the management of certificates and passwords.Information is acquired, information is falsified, and denial of service (DoS) An attack could be made. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The SierraWirelessGX440 has a weak password vulnerability that can be exploited by remote attackers to submit special requests and recover passwords",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5066"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008298"
},
{
"db": "CNVD",
"id": "CNVD-2017-10180"
},
{
"db": "VULHUB",
"id": "VHN-93885"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5066",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008298",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-509",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-10180",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93885",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10180"
},
{
"db": "VULHUB",
"id": "VHN-93885"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008298"
},
{
"db": "NVD",
"id": "CVE-2016-5066"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-509"
}
]
},
"id": "VAR-201704-0137",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10180"
},
{
"db": "VULHUB",
"id": "VHN-93885"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10180"
}
]
},
"last_update_date": "2023-12-18T13:14:23.388000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Getting started with AirLink Intelligent Gateways",
"trust": 0.8,
"url": "https://source.sierrawireless.com/airvantage/avc/howto/hardware/airlink_getting_started/"
},
{
"title": "Patch for SierraWirelessGX440 Weak Password Vulnerability (CNVD-2017-10180)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/95711"
},
{
"title": "Sierra Wireless GX440 Repair measures for trust management vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70154"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10180"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008298"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-509"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93885"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008298"
},
{
"db": "NVD",
"id": "CVE-2016-5066"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://carvesystems.com/sierra-wireless-2016-advisory.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5066"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5066"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10180"
},
{
"db": "VULHUB",
"id": "VHN-93885"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008298"
},
{
"db": "NVD",
"id": "CVE-2016-5066"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-509"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-10180"
},
{
"db": "VULHUB",
"id": "VHN-93885"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008298"
},
{
"db": "NVD",
"id": "CVE-2016-5066"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-509"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10180"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-93885"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008298"
},
{
"date": "2017-04-10T03:59:01.607000",
"db": "NVD",
"id": "CVE-2016-5066"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-509"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10180"
},
{
"date": "2017-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-93885"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008298"
},
{
"date": "2017-04-14T15:41:12.140000",
"db": "NVD",
"id": "CVE-2016-5066"
},
{
"date": "2017-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-509"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-509"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless GX 440 Device ALEOS Vulnerability in managing certificates and passwords in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008298"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-509"
}
],
"trust": 0.6
}
}
VAR-201704-0141
Vulnerability from variot - Updated: 2023-12-18 12:57
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. The ALEOS firmware on Sierra Wireless GX 440 devices contains a vulnerability related to the management of certificates and passwords. Information could be obtained or tampered with, and a denial-of-service (DoS) attack could be carried out. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The Sierra Wireless GX440 has a weak password storage vulnerability that remote attackers can exploit by submitting special requests to obtain sensitive information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0141",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aleos",
"scope": "eq",
"trust": 1.6,
"vendor": "sierrawireless",
"version": "4.3.2"
},
{
"model": "aleos",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4.3.2"
},
{
"model": "wireless gx440",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.3.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10185"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008302"
},
{
"db": "NVD",
"id": "CVE-2016-5070"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-505"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:aleos_firmware:4.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx_440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5070"
}
]
},
"cve": "CVE-2016-5070",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-5070",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-10185",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-93889",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5070",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5070",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-10185",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-505",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93889",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10185"
},
{
"db": "VULHUB",
"id": "VHN-93889"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008302"
},
{
"db": "NVD",
"id": "CVE-2016-5070"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-505"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. Sierra Wireless GX 440 Device ALEOS The firmware contains a vulnerability related to the management of certificates and passwords.Information is acquired, information is falsified, and denial of service (DoS) An attack could be made. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The SierraWirelessGX440 has a weak password storage vulnerability that can be exploited by remote attackers to submit special requests for sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5070"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008302"
},
{
"db": "CNVD",
"id": "CNVD-2017-10185"
},
{
"db": "VULHUB",
"id": "VHN-93889"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5070",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008302",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-505",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-10185",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93889",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10185"
},
{
"db": "VULHUB",
"id": "VHN-93889"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008302"
},
{
"db": "NVD",
"id": "CVE-2016-5070"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-505"
}
]
},
"id": "VAR-201704-0141",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10185"
},
{
"db": "VULHUB",
"id": "VHN-93889"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10185"
}
]
},
"last_update_date": "2023-12-18T12:57:27.335000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Getting started with AirLink Intelligent Gateways",
"trust": 0.8,
"url": "https://source.sierrawireless.com/airvantage/avc/howto/hardware/airlink_getting_started/"
},
{
"title": "Patch for SierraWirelessGX440 Weak Password Storage Vulnerability (CNVD-2017-10185)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/95708"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10185"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008302"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93889"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008302"
},
{
"db": "NVD",
"id": "CVE-2016-5070"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://carvesystems.com/sierra-wireless-2016-advisory.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5070"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5070"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10185"
},
{
"db": "VULHUB",
"id": "VHN-93889"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008302"
},
{
"db": "NVD",
"id": "CVE-2016-5070"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-505"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-10185"
},
{
"db": "VULHUB",
"id": "VHN-93889"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008302"
},
{
"db": "NVD",
"id": "CVE-2016-5070"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-505"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10185"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-93889"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008302"
},
{
"date": "2017-04-10T03:59:01.733000",
"db": "NVD",
"id": "CVE-2016-5070"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-505"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10185"
},
{
"date": "2017-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-93889"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008302"
},
{
"date": "2017-04-14T15:46:59.120000",
"db": "NVD",
"id": "CVE-2016-5070"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-505"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-505"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless GX 440 Device ALEOS Vulnerability in managing certificates and passwords in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008302"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-505"
}
],
"trust": 0.6
}
}
VAR-201905-0862
Vulnerability from variot - Updated: 2023-12-18 12:56
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The binary behind the very similar endpoint /cgi-bin/Embeded_Ace_TLSet_Task.cgi, which is designed for setting table values, can cause arbitrary setting writes, resulting in unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability. Sierra Wireless AirLink ES450 firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. An attacker could exploit this vulnerability by sending specially crafted HTTP requests to change other users' passwords, enable or disable services, and change arbitrary configuration settings.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0862",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlink es450",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "airlink es450",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015404"
},
{
"db": "NVD",
"id": "CVE-2018-4073"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4073"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Carl Hurd of Cisco Talos.,Carl Hurd of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1185"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4073",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-4073",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-134104",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-4073",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4073",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1185",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134104",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134104"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015404"
},
{
"db": "NVD",
"id": "CVE-2018-4073"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1185"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/Embeded_Ace_TLSet_Task.cgi is a very similar endpoint that is designed for use with setting table values that can cause an arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability. Sierra Wireless AirLink ES450 Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless Canada. An attacker could exploit this vulnerability by sending specially crafted HTTP requests to change other users\u0027 passwords, enable or disable services, and change arbitrary configuration settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4073"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015404"
},
{
"db": "VULHUB",
"id": "VHN-134104"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4073",
"trust": 2.5
},
{
"db": "TALOS",
"id": "TALOS-2018-0756",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015404",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1185",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-134104",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134104"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015404"
},
{
"db": "NVD",
"id": "CVE-2018-4073"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1185"
}
]
},
"id": "VAR-201905-0862",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-134104"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:56:32.639000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink ES450",
"trust": 0.8,
"url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
},
{
"title": "Sierra Wireless AirLink ES450 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92007"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015404"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1185"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134104"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015404"
},
{
"db": "NVD",
"id": "CVE-2018-4073"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0756"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4073"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4073"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0756"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134104"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015404"
},
{
"db": "NVD",
"id": "CVE-2018-4073"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1185"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-134104"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015404"
},
{
"db": "NVD",
"id": "CVE-2018-4073"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1185"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-134104"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015404"
},
{
"date": "2019-05-06T19:29:01.090000",
"db": "NVD",
"id": "CVE-2018-4073"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1185"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-134104"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015404"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-4073"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1185"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1185"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink ES450 Firmware vulnerabilities related to authorization, authority, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015404"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1185"
}
],
"trust": 0.6
}
}
VAR-201905-0861
Vulnerability from variot - Updated: 2023-12-18 12:56
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSet_Task.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Set_Task.cgi endpoint. Sierra Wireless AirLink ES450 firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. A security vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi feature of the Sierra Wireless AirLink ES450 running firmware version 4.9.3. By sending a specially crafted HTTP request, an attacker could exploit the vulnerability to change other users' passwords, enable or disable services, and change any configuration settings.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0861",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlink es450",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "airlink es450",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es450",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15931"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015403"
},
{
"db": "NVD",
"id": "CVE-2018-4072"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4072"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Carl Hurd of Cisco Talos.,Carl Hurd of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1188"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4072",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-4072",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-15931",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-134103",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-4072",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4072",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-15931",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1188",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134103",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15931"
},
{
"db": "VULHUB",
"id": "VHN-134103"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015403"
},
{
"db": "NVD",
"id": "CVE-2018-4072"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1188"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSet_Task.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Set_Task.cgi endpoint. Sierra Wireless AirLink ES450 Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. A security vulnerability exists in the ACEManagerEmbeddedAceSet_Task.cgi feature in the SierraWirelessAirLinkES450 using firmware version 4.9.3. An attacker could exploit the vulnerability to change other user passwords by sending a specially crafted HTTP request, enable or disable the service, and change any configuration settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4072"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015403"
},
{
"db": "CNVD",
"id": "CNVD-2019-15931"
},
{
"db": "VULHUB",
"id": "VHN-134103"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2018-0756",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2018-4072",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015403",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1188",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-15931",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-134103",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15931"
},
{
"db": "VULHUB",
"id": "VHN-134103"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015403"
},
{
"db": "NVD",
"id": "CVE-2018-4072"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1188"
}
]
},
"id": "VAR-201905-0861",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15931"
},
{
"db": "VULHUB",
"id": "VHN-134103"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15931"
}
]
},
"last_update_date": "2023-12-18T12:56:32.611000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink ES450",
"trust": 0.8,
"url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
},
{
"title": "Patch for SierraWirelessAirLinkES450 Permissions and Access Control Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/162455"
},
{
"title": "Sierra Wireless AirLink ES450 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92008"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15931"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015403"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1188"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134103"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015403"
},
{
"db": "NVD",
"id": "CVE-2018-4072"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0756"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4072"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0756"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4072"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15931"
},
{
"db": "VULHUB",
"id": "VHN-134103"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015403"
},
{
"db": "NVD",
"id": "CVE-2018-4072"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1188"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-15931"
},
{
"db": "VULHUB",
"id": "VHN-134103"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015403"
},
{
"db": "NVD",
"id": "CVE-2018-4072"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1188"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15931"
},
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-134103"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015403"
},
{
"date": "2019-05-06T19:29:01.013000",
"db": "NVD",
"id": "CVE-2018-4072"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1188"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15931"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-134103"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015403"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-4072"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1188"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1188"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink ES450 Firmware vulnerabilities related to authorization, authority, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015403"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1188"
}
],
"trust": 0.6
}
}
VAR-201604-0316
Vulnerability from variot - Updated: 2023-12-18 12:51

ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors. Supplementary information: the vulnerability type has been identified as CWE-538: File and Directory Information Exposure (leakage of file and directory information), https://cwe.mitre.org/data/definitions/538.html. A third party can read the filteredlogs.txt file and, as a result, obtain important boot-sequence information. Sierra Wireless ALEOS on ES440, ES450, GX400, GX440, GX450 and LS300 is a suite of application frameworks running on the ES440, ES450, GX400, GX440, GX450 and LS300 Smart Gateway devices. A security vulnerability exists in ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on several Sierra Wireless devices. The following products are affected: Sierra Wireless ES440, ES450, GX400, GX440, GX450, LS300.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0316",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aleos",
"scope": "lte",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.4.2"
},
{
"model": "airlink es440",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink es450",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink gx400",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink gx440",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink gx450",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink ls300",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "aleos",
"scope": "lte",
"trust": 0.8,
"vendor": "sierra",
"version": "4.4.2"
},
{
"model": "wireless aleos",
"scope": "lte",
"trust": 0.6,
"vendor": "sierra",
"version": "\u003c=4.4.2"
},
{
"model": "wireless es440",
"scope": null,
"trust": 0.6,
"vendor": "sierra",
"version": null
},
{
"model": "wireless es450",
"scope": null,
"trust": 0.6,
"vendor": "sierra",
"version": null
},
{
"model": "wireless gx400",
"scope": null,
"trust": 0.6,
"vendor": "sierra",
"version": null
},
{
"model": "wireless gx440",
"scope": null,
"trust": 0.6,
"vendor": "sierra",
"version": null
},
{
"model": "wireless gx450",
"scope": null,
"trust": 0.6,
"vendor": "sierra",
"version": null
},
{
"model": "wireless ls300",
"scope": null,
"trust": 0.6,
"vendor": "sierra",
"version": null
},
{
"model": "aleos",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.4.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.4.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:es440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:ls300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6479"
}
]
},
"cve": "CVE-2015-6479",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-6479",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-02641",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-84440",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2015-6479",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6479",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-02641",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-510",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84440",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "VULHUB",
"id": "VHN-84440"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-538: File and Directory Information Exposure ( Leakage of file and directory information ) Has been identified. https://cwe.mitre.org/data/definitions/538.htmlBy a third party filteredlogs.txt The file can be read and as a result, important boot sequence information can be obtained. The SierraWirelessALEOSonES440, ES450, GX400, GX440, GX450 and LS300 are a suite of application frameworks running on the ES440, ES450, GX400, GX440, GX450 and LS300 Smart Gateway devices. A security vulnerability exists in ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on several Sierra Wireless devices. The following products are affected: Sierra Wireless ES440, ES450, GX400, GX440, GX450, LS300",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "VULHUB",
"id": "VHN-84440"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-16-105-01",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2015-6479",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-510",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-02641",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-84440",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "VULHUB",
"id": "VHN-84440"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"id": "VAR-201604-0316",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "VULHUB",
"id": "VHN-84440"
}
],
"trust": 1.6642857142857141
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
}
]
},
"last_update_date": "2023-12-18T12:51:32.404000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ALEOS Application Framework",
"trust": 0.8,
"url": "http://source.sierrawireless.com/resources/airlink/aleos_af/aleos_af_home/"
},
{
"title": "Source",
"trust": 0.8,
"url": "http://source.sierrawireless.com/"
},
{
"title": "Patches for multiple SierraWireless devices ALEOS sensitive information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74832"
},
{
"title": "Multiple Sierra Wireless device ALEOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61199"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "NVD",
"id": "CVE-2015-6479"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6479"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6479"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "VULHUB",
"id": "VHN-84440"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "VULHUB",
"id": "VHN-84440"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"date": "2016-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-84440"
},
{
"date": "2016-04-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"date": "2016-04-21T10:59:01.537000",
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"date": "2016-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-84440"
},
{
"date": "2016-04-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"date": "2021-06-17T17:42:09.983000",
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Run on multiple devices Sierra Wireless ALEOS of ACEmanager In filteredlogs.txt File read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
],
"trust": 0.6
}
}
VAR-201704-0142
Vulnerability from variot - Updated: 2023-12-18 12:29

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. Sierra Wireless GX 440 device ALEOS firmware contains vulnerabilities related to authorization, permissions, and access control. An attack may result in information being obtained, information being altered, and service operation being disrupted (DoS). The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The Sierra Wireless GX440 has a privilege escalation vulnerability that remote attackers can exploit by submitting special requests to escalate permissions. A security vulnerability exists in the Sierra Wireless GX440 using ALEOS firmware version 4.3.2. An attacker can exploit this vulnerability to operate and manage web applications with root privileges.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0142",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aleos",
"scope": "eq",
"trust": 1.6,
"vendor": "sierrawireless",
"version": "4.3.2"
},
{
"model": "aleos",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4.3.2"
},
{
"model": "wireless gx440",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.3.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10178"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008303"
},
{
"db": "NVD",
"id": "CVE-2016-5071"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-504"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:aleos_firmware:4.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx_440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5071"
}
]
},
"cve": "CVE-2016-5071",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-5071",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-10178",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-93890",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5071",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5071",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-10178",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-504",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-93890",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10178"
},
{
"db": "VULHUB",
"id": "VHN-93890"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008303"
},
{
"db": "NVD",
"id": "CVE-2016-5071"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-504"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. Sierra Wireless GX 440 Device ALEOS Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The SierraWirelessGX440 has a privilege escalation vulnerability that can be exploited by remote attackers to submit special requests and escalate permissions. A security vulnerability exists in the Sierra Wireless GX440 using ALEOS firmware version 4.3.2. An attacker can exploit this vulnerability to operate and manage web applications with root privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5071"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008303"
},
{
"db": "CNVD",
"id": "CNVD-2017-10178"
},
{
"db": "VULHUB",
"id": "VHN-93890"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5071",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008303",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-504",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-10178",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93890",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10178"
},
{
"db": "VULHUB",
"id": "VHN-93890"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008303"
},
{
"db": "NVD",
"id": "CVE-2016-5071"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-504"
}
]
},
"id": "VAR-201704-0142",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10178"
},
{
"db": "VULHUB",
"id": "VHN-93890"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10178"
}
]
},
"last_update_date": "2023-12-18T12:29:44.033000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Getting started with AirLink Intelligent Gateways",
"trust": 0.8,
"url": "https://source.sierrawireless.com/airvantage/avc/howto/hardware/airlink_getting_started/"
},
{
"title": "Patch for the SierraWirelessGX440 Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/95709"
},
{
"title": "Sierra Wireless GX440 Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70152"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10178"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008303"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-504"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93890"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008303"
},
{
"db": "NVD",
"id": "CVE-2016-5071"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://carvesystems.com/sierra-wireless-2016-advisory.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5071"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5071"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10178"
},
{
"db": "VULHUB",
"id": "VHN-93890"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008303"
},
{
"db": "NVD",
"id": "CVE-2016-5071"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-504"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-10178"
},
{
"db": "VULHUB",
"id": "VHN-93890"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008303"
},
{
"db": "NVD",
"id": "CVE-2016-5071"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-504"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10178"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-93890"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008303"
},
{
"date": "2017-04-10T03:59:01.780000",
"db": "NVD",
"id": "CVE-2016-5071"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-504"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10178"
},
{
"date": "2017-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-93890"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008303"
},
{
"date": "2017-04-14T15:46:14.760000",
"db": "NVD",
"id": "CVE-2016-5071"
},
{
"date": "2017-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-504"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-504"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless GX 440 Device ALEOS Firmware vulnerabilities related to authorization, authority, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008303"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-504"
}
],
"trust": 0.6
}
}
VAR-201805-0208
Vulnerability from variot - Updated: 2023-12-18 12:18
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system. An input validation vulnerability exists in the firmware of multiple Sierra Wireless routers. Information may be obtained or altered, and service operation may be disrupted (DoS). Sierra Wireless AirLink GX400 and others are router products of Sierra Wireless, Canada.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0208",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mp70",
"scope": "lt",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9"
},
{
"model": "rv50",
"scope": "lt",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9"
},
{
"model": "gx440",
"scope": "lt",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.4.5"
},
{
"model": "es440",
"scope": "lt",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.4.5"
},
{
"model": "mp70e",
"scope": "lt",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9"
},
{
"model": "gx450",
"scope": "lt",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9"
},
{
"model": "ls300",
"scope": "lt",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.4.5"
},
{
"model": "es450",
"scope": "lt",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9"
},
{
"model": "gx400",
"scope": "lt",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.4.5"
},
{
"model": "rv50x",
"scope": "lt",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9"
},
{
"model": "airlink es440",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.4.5"
},
{
"model": "airlink es450",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "airlink gx400",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.4.5"
},
{
"model": "airlink gx440",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.4.5"
},
{
"model": "airlink gx450",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "airlink ls300",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.4.5"
},
{
"model": "airlink mp70",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9"
},
{
"model": "airlink mp70e",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9"
},
{
"model": "airlink rv50",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9"
},
{
"model": "airlink rv50x",
"scope": "lt",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9"
},
{
"model": "wireless airlink es440",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.4.5"
},
{
"model": "wireless airlink ls300",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.4.5"
},
{
"model": "wireless airlink gx450",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9"
},
{
"model": "wireless airlink es450",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9"
},
{
"model": "wireless airlink rv50",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9"
},
{
"model": "wireless airlink rv50x",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9"
},
{
"model": "wireless airlink mp70",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9"
},
{
"model": "wireless airlink mp70e",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9"
},
{
"model": "wireless airlink gx400",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.4.5"
},
{
"model": "wireless airlink gx440",
"scope": "lt",
"trust": 0.6,
"vendor": "sierra",
"version": "4.4.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013383"
},
{
"db": "NVD",
"id": "CVE-2017-15043"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:gx440_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:es440_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:es440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:ls300_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:ls300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:gx400_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:es450_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:rv50_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:rv50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:rv50x_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:mp70_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:mp70e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:mp70e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:gx450_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15043"
}
]
},
"cve": "CVE-2017-15043",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-15043",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-09153",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-15043",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-15043",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-09153",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-165",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-15043",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09153"
},
{
"db": "VULMON",
"id": "CVE-2017-15043"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013383"
},
{
"db": "NVD",
"id": "CVE-2017-15043"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-165"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system. plural Sierra Wireless Vulnerability related to input validation exists in the firmware of routers made by the manufacturer.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SierraWirelessAirLinkGX400 and others are router products of SierraWireless Canada",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15043"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013383"
},
{
"db": "CNVD",
"id": "CNVD-2018-09153"
},
{
"db": "VULMON",
"id": "CVE-2017-15043"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15043",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013383",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-09153",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-165",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-15043",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09153"
},
{
"db": "VULMON",
"id": "CVE-2017-15043"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013383"
},
{
"db": "NVD",
"id": "CVE-2017-15043"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-165"
}
]
},
"id": "VAR-201805-0208",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09153"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09153"
}
]
},
"last_update_date": "2023-12-18T12:18:52.145000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SWI-PSA-2018-003: Technical Bulletin - Reaper",
"trust": 0.8,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/swi-psa-2018-003-technical-bulletin-reaper/"
},
{
"title": "Patches for arbitrary code execution vulnerabilities in various SierraWireless products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/128521"
},
{
"title": "Multiple Sierra Wireless Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79876"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/sierra-wireless-patches-critical-vulns-in-hundreds-of-thousands-of-wireless-routers/131804/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09153"
},
{
"db": "VULMON",
"id": "CVE-2017-15043"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013383"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-165"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013383"
},
{
"db": "NVD",
"id": "CVE-2017-15043"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/swi-psa-2018-003-technical-bulletin-reaper/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15043"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15043"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/sierra-wireless-patches-critical-vulns-in-hundreds-of-thousands-of-wireless-routers/131804/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09153"
},
{
"db": "VULMON",
"id": "CVE-2017-15043"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013383"
},
{
"db": "NVD",
"id": "CVE-2017-15043"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-165"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-09153"
},
{
"db": "VULMON",
"id": "CVE-2017-15043"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013383"
},
{
"db": "NVD",
"id": "CVE-2017-15043"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-165"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09153"
},
{
"date": "2018-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2017-15043"
},
{
"date": "2018-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013383"
},
{
"date": "2018-05-04T20:29:00.437000",
"db": "NVD",
"id": "CVE-2017-15043"
},
{
"date": "2018-05-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-165"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09153"
},
{
"date": "2018-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2017-15043"
},
{
"date": "2018-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013383"
},
{
"date": "2018-06-13T15:07:00.873000",
"db": "NVD",
"id": "CVE-2017-15043"
},
{
"date": "2018-05-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-165"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-165"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Sierra Wireless Vulnerability related to input confirmation in firmware of routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013383"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-165"
}
],
"trust": 0.6
}
}
VAR-201905-0853
Vulnerability from variot - Updated: 2023-12-18 12:18
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. Sierra Wireless AirLink ES450 FW contains an unrestricted upload of files with dangerous types. Information may be acquired or falsified, and a denial of service (DoS) may result. The aggregated source text also lists the following issues: 1. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. A cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, or execute arbitrary commands with system-level privileges. This may aid in further attacks. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0853",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlink es450",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "airlink es450",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "fw 4.9.3"
},
{
"model": "wireless airlink rv50x aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink rv50 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70e aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink lx60 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.10"
},
{
"model": "wireless airlink lx40 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.1"
},
{
"model": "wireless airlink ls300 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink gx440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx400 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink es450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink gx450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
},
{
"model": "wireless airlink es450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink es450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
}
],
"sources": [
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015383"
},
{
"db": "NVD",
"id": "CVE-2018-4063"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4063"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Carl Hurd of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1176"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4063",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-4063",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-134094",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-4063",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4063",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1176",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134094",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015383"
},
{
"db": "NVD",
"id": "CVE-2018-4063"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1176"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. Sierra Wireless AirLink ES450 FW Contains an unlimited upload of dangerous types of files.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. A command-injection vulnerability\n2. A security-bypass vulnerability\n3. A remote code-execution vulnerability\n4. An cross-site scripting vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple information disclosure vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4063"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015383"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "VULHUB",
"id": "VHN-134094"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-134094",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134094"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4063",
"trust": 2.8
},
{
"db": "TALOS",
"id": "TALOS-2018-0748",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-122-03",
"trust": 2.8
},
{
"db": "BID",
"id": "108147",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "152648",
"trust": 1.7
},
{
"db": "TALOS",
"id": "TALOS-2018-0746",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0752",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0754",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0747",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0750",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0751",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015383",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1176",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "47358",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1530.2",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-134094",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134094"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015383"
},
{
"db": "NVD",
"id": "CVE-2018-4063"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1176"
}
]
},
"id": "VAR-201905-0853",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-134094"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:18:02.457000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink ES450: LTE Enterprise Gateway",
"trust": 0.8,
"url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015383"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-434",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015383"
},
{
"db": "NVD",
"id": "CVE-2018-4063"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-122-03"
},
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0748"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108147"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/152648/sierra-wireless-airlink-es450-acemanager-upload.cgi-remote-code-execution.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4063"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/"
},
{
"trust": 0.9,
"url": "https://www.sierrawireless.com/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0751"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0754"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0746"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0750"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0752"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0748"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0747"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4063"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47358"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-122-03"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1530.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80158"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0748"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134094"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015383"
},
{
"db": "NVD",
"id": "CVE-2018-4063"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1176"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-134094"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015383"
},
{
"db": "NVD",
"id": "CVE-2018-4063"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1176"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-134094"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015383"
},
{
"date": "2019-05-06T19:29:00.637000",
"db": "NVD",
"id": "CVE-2018-4063"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1176"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-134094"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015383"
},
{
"date": "2019-05-07T20:29:00.970000",
"db": "NVD",
"id": "CVE-2018-4063"
},
{
"date": "2020-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1176"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1176"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink ES450 FW Vulnerable to unlimited upload of dangerous types of files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015383"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1176"
}
],
"trust": 0.6
}
}
VAR-201905-0852
Vulnerability from variot - Updated: 2023-12-18 12:18
A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability. The Sierra Wireless AirLink ES450 firmware contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). The aggregated source text also lists the following issues: 1. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. A cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions, gain unauthorized access to the affected application, execute arbitrary code, and execute arbitrary commands with system-level privileges. This may aid in further attacks. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords, hard-coded passwords, hard-coded certificates, etc. to attack affected components.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0852",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlink es450",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "airlink es450",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink rv50x aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink rv50 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70e aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink lx60 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.10"
},
{
"model": "wireless airlink lx40 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.1"
},
{
"model": "wireless airlink ls300 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink gx440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx400 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink es450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink gx450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
},
{
"model": "wireless airlink es450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink es450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
}
],
"sources": [
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015405"
},
{
"db": "NVD",
"id": "CVE-2018-4062"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4062"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Talos,Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1182"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4062",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-4062",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-134093",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-4062",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4062",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1182",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134093",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134093"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015405"
},
{
"db": "NVD",
"id": "CVE-2018-4062"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1182"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability. Sierra Wireless AirLink ES450 The firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A command-injection vulnerability\n2. A security-bypass vulnerability\n3. A remote code-execution vulnerability\n4. An cross-site scripting vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple information disclosure vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4062"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015405"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "VULHUB",
"id": "VHN-134093"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-134093",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134093"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4062",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-122-03",
"trust": 2.8
},
{
"db": "TALOS",
"id": "TALOS-2018-0747",
"trust": 2.8
},
{
"db": "BID",
"id": "108147",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "152647",
"trust": 1.7
},
{
"db": "TALOS",
"id": "TALOS-2018-0746",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0752",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0748",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0754",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0750",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0751",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015405",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1182",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "47365",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1530.2",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-134093",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134093"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015405"
},
{
"db": "NVD",
"id": "CVE-2018-4062"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1182"
}
]
},
"id": "VAR-201905-0852",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-134093"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:18:02.423000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink ES450",
"trust": 0.8,
"url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015405"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134093"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015405"
},
{
"db": "NVD",
"id": "CVE-2018-4062"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-122-03"
},
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0747"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108147"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/152647/sierra-wireless-airlink-es450-snmpd-hard-coded-credentials.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4062"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/"
},
{
"trust": 0.9,
"url": "https://www.sierrawireless.com/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0751"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0754"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0746"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0750"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0752"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0748"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0747"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4062"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-122-03"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1530.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80158"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0747"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47365"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134093"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015405"
},
{
"db": "NVD",
"id": "CVE-2018-4062"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1182"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-134093"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015405"
},
{
"db": "NVD",
"id": "CVE-2018-4062"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1182"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-134093"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015405"
},
{
"date": "2019-05-06T19:29:00.577000",
"db": "NVD",
"id": "CVE-2018-4062"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1182"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-134093"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015405"
},
{
"date": "2019-05-08T17:03:19.923000",
"db": "NVD",
"id": "CVE-2018-4062"
},
{
"date": "2020-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1182"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1182"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink ES450 Vulnerabilities related to the use of hard-coded credentials in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015405"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1182"
}
],
"trust": 0.6
}
}
VAR-201905-0854
Vulnerability from variot - Updated: 2023-12-18 12:17
An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected JavaScript code execution, resulting in the execution of JavaScript code in the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability. The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. A cross-site scripting vulnerability exists in the ACEManager ping_result.cgi feature in the Sierra Wireless AirLink ES450 using firmware version 4.9.3, which stems from the lack of proper validation of client data by web applications. An attacker could exploit the vulnerability to execute client code. The rest of this summary appears to be carried over from the combined advisory listed among this entry's sources (BID 108147), which describes several issues rather than this one alone: 1. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. A cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, and execute arbitrary commands with system-level privileges. This may aid in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0854",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlink es450",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "airlink es450",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "fw 4.9.3"
},
{
"model": "wireless airlink es450 fw",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink rv50x aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink rv50 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70e aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink lx60 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.10"
},
{
"model": "wireless airlink lx40 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.1"
},
{
"model": "wireless airlink ls300 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink gx440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx400 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink es450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink gx450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
},
{
"model": "wireless airlink es450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink es450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"db": "NVD",
"id": "CVE-2018-4065"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4065"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carl Hurd and Jared Rittle of Cisco Talos,Discovered by Carl Hurd of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4065",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-4065",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-14394",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-134096",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-4065",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4065",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-14394",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1196",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-134096",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "VULHUB",
"id": "VHN-134096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"db": "NVD",
"id": "CVE-2018-4065"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim\u0027s browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. A cross-site scripting vulnerability exists in the ACEManagerping_result.cgi feature in the SierraWirelessAirLinkES450 using firmware version 4.9.3, which stems from the lack of proper validation of client data by web applications. An attacker could exploit the vulnerability to execute client code. A command-injection vulnerability\n2. A security-bypass vulnerability\n3. A remote code-execution vulnerability\n4. An cross-site scripting vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple information disclosure vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4065"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "VULHUB",
"id": "VHN-134096"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-134096",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134096"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2018-0750",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2018-4065",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-122-03",
"trust": 2.8
},
{
"db": "BID",
"id": "108147",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "152650",
"trust": 1.7
},
{
"db": "TALOS",
"id": "TALOS-2018-0746",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0752",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0748",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0754",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0747",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0751",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1196",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-14394",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47356",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1530.2",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-134096",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "VULHUB",
"id": "VHN-134096"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"db": "NVD",
"id": "CVE-2018-4065"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
]
},
"id": "VAR-201905-0854",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "VULHUB",
"id": "VHN-134096"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
}
]
},
"last_update_date": "2023-12-18T12:17:59.218000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink ES450: LTE Enterprise Gateway",
"trust": 0.8,
"url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
},
{
"title": "Patch for SierraWirelessAirLinkES450 Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/161293"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"db": "NVD",
"id": "CVE-2018-4065"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-122-03"
},
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0750"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108147"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/152650/sierra-wireless-airlink-es450-acemanager-ping_result.cgi-cross-site-scripting.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4065"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0750"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/"
},
{
"trust": 0.9,
"url": "https://www.sierrawireless.com/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0751"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0754"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0746"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0750"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0752"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0748"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0747"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4065"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47356"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152650/sierra-wireless-airlink-es450-acemanager-ping/result.cgi-cross-site-scripting.html"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-122-03"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1530.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80158"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "VULHUB",
"id": "VHN-134096"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"db": "NVD",
"id": "CVE-2018-4065"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "VULHUB",
"id": "VHN-134096"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"db": "NVD",
"id": "CVE-2018-4065"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-134096"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"date": "2019-05-06T19:29:00.700000",
"db": "NVD",
"id": "CVE-2018-4065"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"date": "2019-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-134096"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"date": "2019-05-07T20:29:01.173000",
"db": "NVD",
"id": "CVE-2018-4065"
},
{
"date": "2020-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink ES450 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
],
"trust": 0.6
}
}
VAR-201905-0855
Vulnerability from variot - Updated: 2023-12-18 12:17
An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being requested through an authenticated user. An attacker can get an authenticated user to request authenticated pages on the attacker's behalf to trigger this vulnerability. The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. The vulnerability stems from the fact that the web application did not fully verify that the request came from a trusted user. The rest of this summary appears to be carried over from a combined advisory that describes several issues rather than this one alone: 1. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. A cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, and execute arbitrary commands with system-level privileges. This may aid in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0855",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlink es450",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "airlink es450",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "fw 4.9.3"
},
{
"model": "wireless airlink es450",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink rv50x aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink rv50 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70e aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink lx60 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.10"
},
{
"model": "wireless airlink lx40 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.1"
},
{
"model": "wireless airlink ls300 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink gx440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx400 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink es450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink gx450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
},
{
"model": "wireless airlink es450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink es450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13406"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015385"
},
{
"db": "NVD",
"id": "CVE-2018-4066"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4066"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.,Discovered by Carl Hurd and Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1179"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4066",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-4066",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-13406",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-134097",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-4066",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4066",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-13406",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1179",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134097",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13406"
},
{
"db": "VULHUB",
"id": "VHN-134097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015385"
},
{
"db": "NVD",
"id": "CVE-2018-4066"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1179"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being requested through an authenticated user. An attacker can get an authenticated user to request authenticated pages on the attacker\u0027s behalf to trigger this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. The vulnerability stems from the fact that the web application did not fully verify that the request came from a trusted user. A command-injection vulnerability\n2. A security-bypass vulnerability\n3. A remote code-execution vulnerability\n4. An cross-site scripting vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple information disclosure vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4066"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015385"
},
{
"db": "CNVD",
"id": "CNVD-2019-13406"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "VULHUB",
"id": "VHN-134097"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-134097",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134097"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4066",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2018-0751",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-122-03",
"trust": 2.8
},
{
"db": "BID",
"id": "108147",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "152651",
"trust": 1.7
},
{
"db": "TALOS",
"id": "TALOS-2018-0746",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0752",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0748",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0754",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0747",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0750",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015385",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-13406",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1530.2",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47708",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1179",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-134097",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13406"
},
{
"db": "VULHUB",
"id": "VHN-134097"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015385"
},
{
"db": "NVD",
"id": "CVE-2018-4066"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1179"
}
]
},
"id": "VAR-201905-0855",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13406"
},
{
"db": "VULHUB",
"id": "VHN-134097"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13406"
}
]
},
"last_update_date": "2023-12-18T12:17:59.180000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink ES450: LTE Enterprise Gateway",
"trust": 0.8,
"url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
},
{
"title": "Patch for SierraWirelessAirLinkES450 Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/160591"
},
{
"title": "Sierra Wireless AirLink ES450 Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92005"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13406"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015385"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1179"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015385"
},
{
"db": "NVD",
"id": "CVE-2018-4066"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-122-03"
},
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0751"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108147"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/152651/sierra-wireless-airlink-es450-acemanager-cross-site-request-forgery.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4066"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0751"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/"
},
{
"trust": 0.9,
"url": "https://www.sierrawireless.com/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0751"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0754"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0746"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0750"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0752"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0748"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0747"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4066"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-122-03"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1530.2/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47708"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80158"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13406"
},
{
"db": "VULHUB",
"id": "VHN-134097"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015385"
},
{
"db": "NVD",
"id": "CVE-2018-4066"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1179"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-13406"
},
{
"db": "VULHUB",
"id": "VHN-134097"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015385"
},
{
"db": "NVD",
"id": "CVE-2018-4066"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1179"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13406"
},
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-134097"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015385"
},
{
"date": "2019-05-06T19:29:00.763000",
"db": "NVD",
"id": "CVE-2018-4066"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1179"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13406"
},
{
"date": "2019-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-134097"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015385"
},
{
"date": "2019-05-07T20:29:01.360000",
"db": "NVD",
"id": "CVE-2018-4066"
},
{
"date": "2020-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1179"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1179"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink ES450 Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13406"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1179"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1179"
}
],
"trust": 0.6
}
}
VAR-201905-0851
Vulnerability from variot - Updated: 2023-12-18 12:17
An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability. The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. This vulnerability is caused by external input data constructing executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command.
The aggregated source text also lists a broader set of issues, apparently covering the related advisories for this firmware and not only this CVE: 1. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. A cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, and execute arbitrary commands with system-level privileges. This may aid in further attacks.
Note that the CVSS v2 entries in this record disagree on the authentication requirement: NVD scores the issue 9.0 with single authentication required, matching the description above, while CNVD scores it 10.0 with no authentication.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0851",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlink es450",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "airlink es450",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es450",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink rv50x aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink rv50 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70e aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink lx60 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.10"
},
{
"model": "wireless airlink lx40 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.1"
},
{
"model": "wireless airlink ls300 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink gx440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx400 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink es450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink gx450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
},
{
"model": "wireless airlink es450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink es450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13239"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015380"
},
{
"db": "NVD",
"id": "CVE-2018-4061"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4061"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carl Hurd and Jared Rittle of Cisco Talos,Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.,Discovered by Carl Hurd and Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1202"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4061",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-4061",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-13239",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-134092",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-4061",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4061",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-13239",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1202",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134092",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13239"
},
{
"db": "VULHUB",
"id": "VHN-134092"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015380"
},
{
"db": "NVD",
"id": "CVE-2018-4061"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1202"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability. The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. This vulnerability is caused by external input data being used to construct executable commands while the network system or product does not properly filter special elements. An attacker could exploit the vulnerability to execute an illegal command.\n1. A command-injection vulnerability\n2. A security-bypass vulnerability\n3. A remote code-execution vulnerability\n4. A cross-site scripting vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple information disclosure vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, and execute arbitrary commands with system-level privileges. This may aid in further attacks.",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4061"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015380"
},
{
"db": "CNVD",
"id": "CNVD-2019-13239"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "VULHUB",
"id": "VHN-134092"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-134092",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134092"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2018-0746",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2018-4061",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-122-03",
"trust": 2.8
},
{
"db": "BID",
"id": "108147",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "152646",
"trust": 1.7
},
{
"db": "TALOS",
"id": "TALOS-2018-0752",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0748",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0754",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0747",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0750",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0751",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015380",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1202",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-13239",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1530.2",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47369",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-134092",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13239"
},
{
"db": "VULHUB",
"id": "VHN-134092"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015380"
},
{
"db": "NVD",
"id": "CVE-2018-4061"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1202"
}
]
},
"id": "VAR-201905-0851",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13239"
},
{
"db": "VULHUB",
"id": "VHN-134092"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13239"
}
]
},
"last_update_date": "2023-12-18T12:17:59.138000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink ES450",
"trust": 0.8,
"url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
},
{
"title": "Patch for Sierra Wireless AirLink ES450 Operating System Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/160399"
},
{
"title": "Sierra Wireless AirLink ES450 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92016"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13239"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015380"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1202"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134092"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015380"
},
{
"db": "NVD",
"id": "CVE-2018-4061"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-122-03"
},
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0746"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108147"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/152646/sierra-wireless-airlink-es450-acemanager-iplogging.cgi-command-injection.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4061"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0746"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/"
},
{
"trust": 0.9,
"url": "https://www.sierrawireless.com/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0751"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0754"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0746"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0750"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0752"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0748"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0747"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4061"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47369"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-122-03"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1530.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80158"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13239"
},
{
"db": "VULHUB",
"id": "VHN-134092"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015380"
},
{
"db": "NVD",
"id": "CVE-2018-4061"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1202"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-13239"
},
{
"db": "VULHUB",
"id": "VHN-134092"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015380"
},
{
"db": "NVD",
"id": "CVE-2018-4061"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1202"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13239"
},
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-134092"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015380"
},
{
"date": "2019-05-06T18:29:00.367000",
"db": "NVD",
"id": "CVE-2018-4061"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1202"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13239"
},
{
"date": "2019-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-134092"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015380"
},
{
"date": "2019-05-07T20:29:00.657000",
"db": "NVD",
"id": "CVE-2018-4061"
},
{
"date": "2020-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1202"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1202"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink ES450 Operating System Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13239"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1202"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1202"
}
],
"trust": 0.6
}
}
VAR-201905-0856
Vulnerability from variot - Updated: 2023-12-18 12:17
An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability. The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component. 1. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. A cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, and execute arbitrary commands with system-level privileges. This may aid in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0856",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlink es450",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "airlink es450",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "fw 4.9.3"
},
{
"model": "wireless airlink es450",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink rv50x aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink rv50 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70e aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink lx60 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.10"
},
{
"model": "wireless airlink lx40 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.1"
},
{
"model": "wireless airlink ls300 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink gx440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx400 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink es450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink gx450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
},
{
"model": "wireless airlink es450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink es450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"db": "NVD",
"id": "CVE-2018-4067"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4067"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.,Discovered by Carl Hurd and Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4067",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-4067",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-13397",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-134098",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-4067",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4067",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-13397",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1173",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-134098",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "VULHUB",
"id": "VHN-134098"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"db": "NVD",
"id": "CVE-2018-4067"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability. The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component.\n1. A command-injection vulnerability\n2. A security-bypass vulnerability\n3. A remote code-execution vulnerability\n4. A cross-site scripting vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple information disclosure vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, and execute arbitrary commands with system-level privileges. This may aid in further attacks.",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4067"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "VULHUB",
"id": "VHN-134098"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-134098",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134098"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2018-0752",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2018-4067",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-122-03",
"trust": 2.8
},
{
"db": "BID",
"id": "108147",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "152652",
"trust": 1.7
},
{
"db": "TALOS",
"id": "TALOS-2018-0746",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0748",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0754",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0747",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0750",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0751",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1173",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-13397",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47364",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1530.2",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-134098",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "VULHUB",
"id": "VHN-134098"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"db": "NVD",
"id": "CVE-2018-4067"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
]
},
"id": "VAR-201905-0856",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "VULHUB",
"id": "VHN-134098"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
}
]
},
"last_update_date": "2023-12-18T12:17:59.099000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink ES450: LTE Enterprise Gateway",
"trust": 0.8,
"url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
},
{
"title": "Patch for SierraWirelessAirLinkES450 Information Disclosure Vulnerability (CNVD-2019-13397)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/160539"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134098"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"db": "NVD",
"id": "CVE-2018-4067"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-122-03"
},
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0752"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108147"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/152652/sierra-wireless-airlink-es450-acemanager-template_load.cgi-information-disclosure.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4067"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0752"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/"
},
{
"trust": 0.9,
"url": "https://www.sierrawireless.com/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0751"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0754"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0746"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0750"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0752"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0748"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0747"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4067"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-122-03"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1530.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80158"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47364"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152652/sierra-wireless-airlink-es450-acemanager-template/load.cgi-information-disclosure.html"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "VULHUB",
"id": "VHN-134098"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"db": "NVD",
"id": "CVE-2018-4067"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "VULHUB",
"id": "VHN-134098"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"db": "NVD",
"id": "CVE-2018-4067"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-134098"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"date": "2019-05-06T19:29:00.840000",
"db": "NVD",
"id": "CVE-2018-4067"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"date": "2019-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-134098"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"date": "2019-05-07T20:29:01.563000",
"db": "NVD",
"id": "CVE-2018-4067"
},
{
"date": "2020-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink ES450 FW Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
],
"trust": 0.6
}
}
VAR-201905-0858
Vulnerability from variot - Updated: 2023-12-18 12:17
An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability. The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. The aggregated source text also lists the following issues: 1. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. A cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, and execute arbitrary commands with system-level privileges. This may aid in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0858",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlink es450",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "airlink es450",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es450",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink rv50x aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink rv50 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70e aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink lx60 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.10"
},
{
"model": "wireless airlink lx40 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.1"
},
{
"model": "wireless airlink ls300 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink gx440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx400 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink es450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink gx450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
},
{
"model": "wireless airlink es450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink es450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13242"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015382"
},
{
"db": "NVD",
"id": "CVE-2018-4069"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4069"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carl Hurd and Jared Rittle of Cisco Talos,Discovered by Carl Hurd of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1210"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4069",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-4069",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2019-13242",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-134100",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-4069",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4069",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-13242",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1210",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134100",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13242"
},
{
"db": "VULHUB",
"id": "VHN-134100"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015382"
},
{
"db": "NVD",
"id": "CVE-2018-4069"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1210"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. A command-injection vulnerability\n2. A security-bypass vulnerability\n3. A remote code-execution vulnerability\n4. An cross-site scripting vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple information disclosure vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4069"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015382"
},
{
"db": "CNVD",
"id": "CNVD-2019-13242"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "VULHUB",
"id": "VHN-134100"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2018-0754",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2018-4069",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-122-03",
"trust": 2.8
},
{
"db": "BID",
"id": "108147",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "152654",
"trust": 1.7
},
{
"db": "TALOS",
"id": "TALOS-2018-0746",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0752",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0748",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0747",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0750",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0751",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015382",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1210",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-13242",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1530.2",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47375",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-134100",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13242"
},
{
"db": "VULHUB",
"id": "VHN-134100"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015382"
},
{
"db": "NVD",
"id": "CVE-2018-4069"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1210"
}
]
},
"id": "VAR-201905-0858",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13242"
},
{
"db": "VULHUB",
"id": "VHN-134100"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13242"
}
]
},
"last_update_date": "2023-12-18T12:17:59.062000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink ES450",
"trust": 0.8,
"url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
},
{
"title": "Patch for SierraWirelessAirLinkES450 Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/160409"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13242"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015382"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134100"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015382"
},
{
"db": "NVD",
"id": "CVE-2018-4069"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-122-03"
},
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0754"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108147"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/152654/sierra-wireless-airlink-es450-acemanager-information-exposure.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4069"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0754"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/"
},
{
"trust": 0.9,
"url": "https://www.sierrawireless.com/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0751"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0754"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0746"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0750"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0752"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0748"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0747"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4069"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-122-03"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1530.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80158"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47375"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13242"
},
{
"db": "VULHUB",
"id": "VHN-134100"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015382"
},
{
"db": "NVD",
"id": "CVE-2018-4069"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1210"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-13242"
},
{
"db": "VULHUB",
"id": "VHN-134100"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015382"
},
{
"db": "NVD",
"id": "CVE-2018-4069"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1210"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13242"
},
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-134100"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015382"
},
{
"date": "2019-05-06T18:29:00.477000",
"db": "NVD",
"id": "CVE-2018-4069"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1210"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13242"
},
{
"date": "2019-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-134100"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015382"
},
{
"date": "2019-05-07T20:29:01.750000",
"db": "NVD",
"id": "CVE-2018-4069"
},
{
"date": "2020-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1210"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1210"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink ES450 Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13242"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1210"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1210"
}
],
"trust": 0.6
}
}
VAR-201401-0052
Vulnerability from variot - Updated: 2023-12-18 12:08
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action. AirLink Raven X EV-DO is a small 3G network smart modem. AirLink Raven X EV-DO has an information disclosure vulnerability. Because the program fails to use encryption during the update and reprogramming process, the attacker can reprogram the firmware using the username and password stored in clear text. AirLink Raven X EV-DO is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information, such as user credentials, that may lead to further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0052",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "raven x ev-do",
"scope": "eq",
"trust": 1.6,
"vendor": "sierrawireless",
"version": "4228_4.0.11.003"
},
{
"model": "raven x ev-do",
"scope": "eq",
"trust": 1.6,
"vendor": "sierrawireless",
"version": "4221_4.0.11.003"
},
{
"model": "airlink mp verizon wifi",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "pinpoint x",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp row wifi",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "raven xe",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "raven x ev-do",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "pinpoint xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp row",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "raven xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp at\\\u0026t",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp telus",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp telus wifi",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp bell wifi",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp sprint wifi",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp at\\\u0026t wifi",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "raven x",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp verizon",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp bell",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp sprint",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp at\u0026t",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp at\u0026t wifi",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp bell",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp bell wifi",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp row",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp row wifi",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp sprint",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp sprint wifi",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp telus",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp telus wifi",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp verizon",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp verizon wifi",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "pinpooint x",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "pinpooint xt",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "raven x",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "raven x ev-do",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "raven x ev-do",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4221_4.0.11.003"
},
{
"model": "raven x ev-do",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4228_4.0.11.003"
},
{
"model": "raven xe",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "raven xt",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink raven ev-do 4221 4.0.11.003",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "x"
},
{
"model": "wireless airlink raven ev-do 4228 4.0.11.003",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00190"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001184"
},
{
"db": "NVD",
"id": "CVE-2013-2819"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-179"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:raven_x_ev-do_firmware:4221_4.0.11.003:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:raven_x_ev-do_firmware:4228_4.0.11.003:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:pinpoint_xt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:pinpoint_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:raven_xt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:raven_xe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_at\\\u0026t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_bell:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_sprint_wifi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_verizon_wifi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_telus:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_telus_wifi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_row:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_row_wifi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_sprint:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_at\\\u0026t_wifi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_bell_wifi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_verizon:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:raven_x_ev-do:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:raven_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2819"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cimation",
"sources": [
{
"db": "BID",
"id": "64702"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-179"
}
],
"trust": 0.9
},
"cve": "CVE-2013-2819",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-2819",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-00190",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-62821",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-2819",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-00190",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-179",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-62821",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00190"
},
{
"db": "VULHUB",
"id": "VHN-62821"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001184"
},
{
"db": "NVD",
"id": "CVE-2013-2819"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-179"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action. AirLink Raven X EV-DO is a small 3G network smart modem. AirLink Raven X EV-DO has an information disclosure vulnerability. Because the program fails to use encryption during the update and reprogramming process, the attacker can reprogram the firmware using the username and password stored in clear text. AirLink Raven X EV-DO is prone to an information-disclosure vulnerability\nSuccessful exploits will allow attackers to obtain sensitive information, such as user credentials, that may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2819"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001184"
},
{
"db": "CNVD",
"id": "CNVD-2014-00190"
},
{
"db": "BID",
"id": "64702"
},
{
"db": "VULHUB",
"id": "VHN-62821"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2819",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-14-007-01A",
"trust": 2.5
},
{
"db": "BID",
"id": "64702",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001184",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-179",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-14-007-01",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-00190",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-62821",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00190"
},
{
"db": "VULHUB",
"id": "VHN-62821"
},
{
"db": "BID",
"id": "64702"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001184"
},
{
"db": "NVD",
"id": "CVE-2013-2819"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-179"
}
]
},
"id": "VAR-201401-0052",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00190"
},
{
"db": "VULHUB",
"id": "VHN-62821"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00190"
}
]
},
"last_update_date": "2023-12-18T12:08:54.442000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink RavenSecurity Vulnerability",
"trust": 0.8,
"url": "http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf"
},
{
"title": "AirLink Raven X EV-DO Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/42227"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00190"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001184"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62821"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001184"
},
{
"db": "NVD",
"id": "CVE-2013-2819"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-007-01a"
},
{
"trust": 1.7,
"url": "http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2819"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2819"
},
{
"trust": 0.6,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-007-01"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/64702"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00190"
},
{
"db": "VULHUB",
"id": "VHN-62821"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001184"
},
{
"db": "NVD",
"id": "CVE-2013-2819"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-179"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00190"
},
{
"db": "VULHUB",
"id": "VHN-62821"
},
{
"db": "BID",
"id": "64702"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001184"
},
{
"db": "NVD",
"id": "CVE-2013-2819"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-179"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00190"
},
{
"date": "2014-01-15T00:00:00",
"db": "VULHUB",
"id": "VHN-62821"
},
{
"date": "2014-01-07T00:00:00",
"db": "BID",
"id": "64702"
},
{
"date": "2014-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001184"
},
{
"date": "2014-01-15T16:08:13.017000",
"db": "NVD",
"id": "CVE-2013-2819"
},
{
"date": "2014-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-179"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00190"
},
{
"date": "2014-01-16T00:00:00",
"db": "VULHUB",
"id": "VHN-62821"
},
{
"date": "2014-07-25T00:47:00",
"db": "BID",
"id": "64702"
},
{
"date": "2014-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001184"
},
{
"date": "2014-01-16T16:44:54.317000",
"db": "NVD",
"id": "CVE-2013-2819"
},
{
"date": "2014-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-179"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-179"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink Raven X EV-DO Gateway Trojan Firmware Installation Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001184"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-179"
}
],
"trust": 0.6
}
}
VAR-201401-0053
Vulnerability from variot - Updated: 2023-12-18 12:08
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388. AirLink Raven X EV-DO is a small 3G network smart modem. A remote attacker can send specially crafted requests to ports 17336/UDP and 17388/UDP to reprogram the device firmware image, bypassing authentication and gaining unauthorized access to the device. Successful exploits may allow attackers to bypass authentication through a replay attack and perform unauthorized actions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0053",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "raven x ev-do",
"scope": "eq",
"trust": 1.6,
"vendor": "sierrawireless",
"version": "4228_4.0.11.003"
},
{
"model": "raven x ev-do",
"scope": "eq",
"trust": 1.6,
"vendor": "sierrawireless",
"version": "4221_4.0.11.003"
},
{
"model": "airlink mp verizon wifi",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "pinpoint x",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp row wifi",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "raven xe",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "raven x ev-do",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "pinpoint xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp row",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "raven xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp at\\\u0026t",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp telus",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp telus wifi",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp bell wifi",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp sprint wifi",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp at\\\u0026t wifi",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "raven x",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp verizon",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp bell",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp sprint",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": null
},
{
"model": "airlink mp at\u0026t",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp at\u0026t wifi",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp bell",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp bell wifi",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp row",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp row wifi",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp sprint",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp sprint wifi",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp telus",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp telus wifi",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp verizon",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink mp verizon wifi",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "pinpooint x",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "pinpooint xt",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "raven x",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "raven x ev-do",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "raven x ev-do",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4221_4.0.11.003"
},
{
"model": "raven x ev-do",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "4228_4.0.11.003"
},
{
"model": "raven xe",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "raven xt",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink raven ev-do 4221 4.0.11.003",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "x"
},
{
"model": "wireless airlink raven ev-do 4228 4.0.11.003",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00188"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001185"
},
{
"db": "NVD",
"id": "CVE-2013-2820"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-180"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:raven_x_ev-do_firmware:4221_4.0.11.003:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:raven_x_ev-do_firmware:4228_4.0.11.003:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_row:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_row_wifi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_sprint:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_sprint_wifi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_verizon:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_bell:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_telus:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_verizon_wifi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:pinpoint_xt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_at\\\u0026t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_at\\\u0026t_wifi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:raven_xt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:raven_xe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:raven_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_bell_wifi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_mp_telus_wifi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:raven_x_ev-do:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:pinpoint_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2820"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cimation",
"sources": [
{
"db": "BID",
"id": "64704"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-180"
}
],
"trust": 0.9
},
"cve": "CVE-2013-2820",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-2820",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00188",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-62822",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-2820",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-00188",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-180",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-62822",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00188"
},
{
"db": "VULHUB",
"id": "VHN-62822"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001185"
},
{
"db": "NVD",
"id": "CVE-2013-2820"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-180"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388. AirLink Raven X EV-DO is a small 3G network smart modem. A remote attacker can send specially crafted requests to ports 17336/UDP and 17388/UDP to reprogram the device firmware image, bypassing authentication and gaining unauthorized access to the device.\nSuccessful exploits may allow attackers to bypass authentication through a replay attack and perform unauthorized actions.",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2820"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001185"
},
{
"db": "CNVD",
"id": "CNVD-2014-00188"
},
{
"db": "BID",
"id": "64704"
},
{
"db": "VULHUB",
"id": "VHN-62822"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2820",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-14-007-01A",
"trust": 2.5
},
{
"db": "BID",
"id": "64704",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001185",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-180",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-14-007-01",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-00188",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-62822",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00188"
},
{
"db": "VULHUB",
"id": "VHN-62822"
},
{
"db": "BID",
"id": "64704"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001185"
},
{
"db": "NVD",
"id": "CVE-2013-2820"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-180"
}
]
},
"id": "VAR-201401-0053",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00188"
},
{
"db": "VULHUB",
"id": "VHN-62822"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00188"
}
]
},
"last_update_date": "2023-12-18T12:08:54.409000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink RavenSecurity Vulnerability",
"trust": 0.8,
"url": "http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf"
},
{
"title": "AirLink Raven X EV-DO Replay Security Vulnerability Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/42228"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00188"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001185"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62822"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001185"
},
{
"db": "NVD",
"id": "CVE-2013-2820"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-007-01a"
},
{
"trust": 1.7,
"url": "http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2820"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2820"
},
{
"trust": 0.6,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-007-01"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/64704"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00188"
},
{
"db": "VULHUB",
"id": "VHN-62822"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001185"
},
{
"db": "NVD",
"id": "CVE-2013-2820"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-180"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00188"
},
{
"db": "VULHUB",
"id": "VHN-62822"
},
{
"db": "BID",
"id": "64704"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001185"
},
{
"db": "NVD",
"id": "CVE-2013-2820"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-180"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00188"
},
{
"date": "2014-01-15T00:00:00",
"db": "VULHUB",
"id": "VHN-62822"
},
{
"date": "2014-01-07T00:00:00",
"db": "BID",
"id": "64704"
},
{
"date": "2014-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001185"
},
{
"date": "2014-01-15T16:08:18.110000",
"db": "NVD",
"id": "CVE-2013-2820"
},
{
"date": "2014-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-180"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00188"
},
{
"date": "2014-01-16T00:00:00",
"db": "VULHUB",
"id": "VHN-62822"
},
{
"date": "2014-07-25T00:18:00",
"db": "BID",
"id": "64704"
},
{
"date": "2014-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001185"
},
{
"date": "2014-01-16T16:47:38.633000",
"db": "NVD",
"id": "CVE-2013-2820"
},
{
"date": "2014-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-180"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-180"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirLink Raven X EV-DO Replay Security Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00188"
},
{
"db": "BID",
"id": "64704"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-180"
}
],
"trust": 0.6
}
}
CVE-2023-40465 (GCVE-0-2023-40465)
Vulnerability from cvelistv5 – Published: 2023-12-04 23:02 – Updated: 2024-08-02 18:31

| Vendor | Product | Version |
|---|---|---|
| SierraWireless | ALEOS | Affected: 4.10, ≤ 4.16 (Custom); Affected: 0, ≤ 4.9.8 (Custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ALEOS",
"vendor": "SierraWireless",
"versions": [
{
"lessThanOrEqual": "4.16",
"status": "affected",
"version": "4.10",
"versionType": "Custom"
},
{
"lessThanOrEqual": "4.9.8",
"status": "affected",
"version": "0",
"versionType": "Custom"
}
]
}
],
"datePublic": "2023-11-28T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\n\u003cp\u003eSeveral versions of\nALEOS, including ALEOS 4.16.0, include an opensource\u003c/p\u003e\n\n\u003cp\u003ethird-party\ncomponent which can be exploited from the local\u003c/p\u003e\n\n\u003cp\u003earea network,\nresulting in a Denial of Service condition for the captive portal.\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\nSeveral versions of\nALEOS, including ALEOS 4.16.0, include an opensource\n\n\n\nthird-party\ncomponent which can be exploited from the local\n\n\n\narea network,\nresulting in a Denial of Service condition for the captive portal.\n\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Remote-Code Execution"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T23:02:04.103Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper input leads to DoS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-40465",
"datePublished": "2023-12-04T23:02:04.103Z",
"dateReserved": "2023-08-14T20:59:20.798Z",
"dateUpdated": "2024-08-02T18:31:53.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40464 (GCVE-0-2023-40464)
Vulnerability from cvelistv5 – Published: 2023-12-04 22:59 – Updated: 2026-02-25 17:20

| Vendor | Product | Version |
|---|---|---|
| SierraWireless | ALEOS | Affected: 4.10, ≤ 4.16 (Custom); Affected: 0, ≤ 4.9.8 (Custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:54.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-23T05:01:12.548893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T17:20:06.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ALEOS",
"vendor": "SierraWireless",
"versions": [
{
"lessThanOrEqual": "4.16",
"status": "affected",
"version": "4.10",
"versionType": "Custom"
},
{
"lessThanOrEqual": "4.9.8",
"status": "affected",
"version": "0",
"versionType": "Custom"
}
]
}
],
"datePublic": "2023-11-28T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\n\u003cp\u003eSeveral versions of\nALEOS, including ALEOS 4.16.0, use a hardcoded\u003c/p\u003e\n\n\u003cp\u003eSSL certificate and\nprivate key. An attacker with access to these items\u003c/p\u003e\n\n\u003cp\u003ecould potentially\nperform a man in the middle attack between the\u003c/p\u003e\n\n\u003cp\u003eACEManager client\nand ACEManager server.\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\nSeveral versions of\nALEOS, including ALEOS 4.16.0, use a hardcoded\n\n\n\nSSL certificate and\nprivate key. An attacker with access to these items\n\n\n\ncould potentially\nperform a man in the middle attack between the\n\n\n\nACEManager client\nand ACEManager server.\n\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Strings Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T22:59:33.449Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of hardcoded certificate and private key",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-40464",
"datePublished": "2023-12-04T22:59:33.449Z",
"dateReserved": "2023-08-14T20:59:20.798Z",
"dateUpdated": "2026-02-25T17:20:06.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-40465 (GCVE-0-2023-40465)
Vulnerability from nvd – Published: 2023-12-04 23:02 – Updated: 2024-08-02 18:31

| Vendor | Product | Version |
|---|---|---|
| SierraWireless | ALEOS | Affected: 4.10, ≤ 4.16 (Custom); Affected: 0, ≤ 4.9.8 (Custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ALEOS",
"vendor": "SierraWireless",
"versions": [
{
"lessThanOrEqual": "4.16",
"status": "affected",
"version": "4.10",
"versionType": "Custom"
},
{
"lessThanOrEqual": "4.9.8",
"status": "affected",
"version": "0",
"versionType": "Custom"
}
]
}
],
"datePublic": "2023-11-28T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\n\u003cp\u003eSeveral versions of\nALEOS, including ALEOS 4.16.0, include an opensource\u003c/p\u003e\n\n\u003cp\u003ethird-party\ncomponent which can be exploited from the local\u003c/p\u003e\n\n\u003cp\u003earea network,\nresulting in a Denial of Service condition for the captive portal.\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\nSeveral versions of\nALEOS, including ALEOS 4.16.0, include an opensource\n\n\n\nthird-party\ncomponent which can be exploited from the local\n\n\n\narea network,\nresulting in a Denial of Service condition for the captive portal.\n\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Remote-Code Execution"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T23:02:04.103Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper input leads to DoS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-40465",
"datePublished": "2023-12-04T23:02:04.103Z",
"dateReserved": "2023-08-14T20:59:20.798Z",
"dateUpdated": "2024-08-02T18:31:53.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}