MidnightBSD

Advisories for sierra_wireless

CVE-2015-2054 MEDIUM

CRLF injection vulnerability in export.cfg in the web-based administrative console for Sierra Wireless AirCard 760S, 762S, and 763S allows remote attackers to inject arbitrary headers via CRLF sequences in the save parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sierra_wireless sierra_wireless_aircard_760s *
sierra_wireless sierra_wireless_aircard_762s *
sierra_wireless sierra_wireless_aircard_763s *
CVE-2017-6042 MEDIUM

A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
sierra_wireless airlink_raven_xe_firmware *
sierra_wireless airlink_raven_xt_firmware -
CVE-2017-6044 HIGH

An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-285,CWE-306,

Products Affected

Vendor Product Version
sierra_wireless airlink_raven_xe_firmware *
sierra_wireless airlink_raven_xt_firmware -
CVE-2017-6046 MEDIUM

An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,CWE-200,

Products Affected

Vendor Product Version
sierra_wireless airlink_raven_xe_firmware *
sierra_wireless airlink_raven_xt_firmware -