Lucene search

[email protected]CVE-2013-2819

HistoryJan 15, 2014 - 4:08 p.m.

CVE-2013-2819

2014-01-1516:08:13

CWE-255

[email protected]

web.nvd.nist.gov

sierra wireless

airlink raven x

ev-do gateway

cve-2013-2819

cleartext credentials

firmware

remote attackers

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.0%

JSON

The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.

Affected configurations

NVD

Node

sierrawirelessraven_x_ev-do_firmwareMatch4221_4.0.11.003

sierrawirelessraven_x_ev-do_firmwareMatch4228_4.0.11.003

AND

sierrawirelessairlink_mp_at\&tMatch-

sierrawirelessairlink_mp_at\&t_wifiMatch-

sierrawirelessairlink_mp_bellMatch-

sierrawirelessairlink_mp_bell_wifiMatch-

sierrawirelessairlink_mp_rowMatch-

sierrawirelessairlink_mp_row_wifiMatch-

sierrawirelessairlink_mp_sprintMatch-

sierrawirelessairlink_mp_sprint_wifiMatch-

sierrawirelessairlink_mp_telusMatch-

sierrawirelessairlink_mp_telus_wifiMatch-

sierrawirelessairlink_mp_verizonMatch-

sierrawirelessairlink_mp_verizon_wifiMatch-

sierrawirelesspinpoint_xMatch-

sierrawirelesspinpoint_xtMatch-

sierrawirelessraven_xMatch-

sierrawirelessraven_x_ev-doMatch-

sierrawirelessraven_xeMatch-

sierrawirelessraven_xtMatch-

CPENameOperatorVersion
sierrawireless:raven_x_ev-do_firmwaresierrawireless raven x ev-do firmwareeq4221_4.0.11.003
sierrawireless:raven_x_ev-do_firmwaresierrawireless raven x ev-do firmwareeq4228_4.0.11.003
sierrawireless:airlink_mp_at\&tsierrawireless airlink mp at&teq-
sierrawireless:airlink_mp_at\&t_wifisierrawireless airlink mp at&t wifieq-
sierrawireless:airlink_mp_bellsierrawireless airlink mp belleq-
sierrawireless:airlink_mp_bell_wifisierrawireless airlink mp bell wifieq-
sierrawireless:airlink_mp_rowsierrawireless airlink mp roweq-
sierrawireless:airlink_mp_row_wifisierrawireless airlink mp row wifieq-
sierrawireless:airlink_mp_sprintsierrawireless airlink mp sprinteq-
sierrawireless:airlink_mp_sprint_wifisierrawireless airlink mp sprint wifieq-

CPE	Name	Operator	Version
sierrawireless:raven_x_ev-do_firmware	sierrawireless raven x ev-do firmware	eq	4221_4.0.11.003
sierrawireless:raven_x_ev-do_firmware	sierrawireless raven x ev-do firmware	eq	4228_4.0.11.003
sierrawireless:airlink_mp_at\&t	sierrawireless airlink mp at&t	eq	-
sierrawireless:airlink_mp_at\&t_wifi	sierrawireless airlink mp at&t wifi	eq	-
sierrawireless:airlink_mp_bell	sierrawireless airlink mp bell	eq	-
sierrawireless:airlink_mp_bell_wifi	sierrawireless airlink mp bell wifi	eq	-
sierrawireless:airlink_mp_row	sierrawireless airlink mp row	eq	-
sierrawireless:airlink_mp_row_wifi	sierrawireless airlink mp row wifi	eq	-
sierrawireless:airlink_mp_sprint	sierrawireless airlink mp sprint	eq	-
sierrawireless:airlink_mp_sprint_wifi	sierrawireless airlink mp sprint wifi	eq	-

Rows per page:

1-10 of 201

References

ics-cert.us-cert.gov/advisories/ICSA-14-007-01A

www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.0%

JSON

Related for CVE-2013-2819

cvelist1 prion1 nvd1 ics1