RSS   Vulnerabilities for 'Airlink raven xe firmware'   RSS

2017-06-29
 
CVE-2017-6046

 

 
An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure.

 
 
CVE-2017-6044

 

 
An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.

 
 
CVE-2017-6042

 

 
A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.

 

 >>> Vendor: Sierra wireless 6 Products
Sierra wireless aircard 760s
Sierra wireless aircard 762s
Sierra wireless aircard 763s
Aleos
Airlink raven xe firmware
Airlink raven xt firmware


Copyright 2018, cxsecurity.com

 

Back to Top