Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary code or crash the web service via the (1) ateFunc, (2) ateGain, (3) ateTxCount, (4) ateChan, (5) ateRate, (6) ateMacID, (7) e2pTxPower1, (8) e2pTxPower2, (9) e2pTxPower3, (10) e2pTxPower4, (11) e2pTxPower5, (12) e2pTxPower6, (13) e2pTxPower7, (14) e2pTx2Power1, (15) e2pTx2Power2, (16) e2pTx2Power3, (17) e2pTx2Power4, (18) e2pTx2Power5, (19) e2pTx2Power6, (20) e2pTx2Power7, (21) ateTxFreqOffset, (22) ateMode, (23) ateBW, (24) ateAntenna, (25) e2pTxFreqOffset, (26) e2pTxPwDeltaB, (27) e2pTxPwDeltaG, (28) e2pTxPwDeltaMix, (29) e2pTxPwDeltaN, and (30) readE2P parameters of the /goform/formWlanMP endpoint.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jensenofscandinavia | air:link_3g_firmware | 2.23m |
| jensenofscandinavia | air:link_5000ac_firmware | 1.13 |
| jensenofscandinavia | air:link_59300_firmware | 1.04 |
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/* pages.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jensenofscandinavia | al3g_firmware | 2.23m |
| jensenofscandinavia | al5000ac_firmware | 1.13 |
| jensenofscandinavia | al59300_firmware | 1.04 |
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct CSRF attacks via certain /goform/* pages.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jensenofscandinavia | al3g_firmware | 2.23m |
| jensenofscandinavia | al5000ac_firmware | 1.13 |
| jensenofscandinavia | al59300_firmware | 1.04 |
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to read passwords via a direct request to the x.asp page.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jensenofscandinavia | al3g_firmware | 2.23m |
| jensenofscandinavia | al5000ac_firmware | 1.13 |
| jensenofscandinavia | al59300_firmware | 1.04 |
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the submit-url parameter to certain /goform/* pages.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jensenofscandinavia | al3g_firmware | 2.23m |
| jensenofscandinavia | al5000ac_firmware | 1.13 |
| jensenofscandinavia | al59300_firmware | 1.04 |
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the return-url parameter to /goform/formLogout.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jensenofscandinavia | al3g_firmware | 2.23m |
| jensenofscandinavia | al5000ac_firmware | 1.13 |
| jensenofscandinavia | al59300_firmware | 1.04 |
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac parameter.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jensenofscandinavia | eagle_1200ac_firmware | 15.03.06.33_en |