VAR-201502-0204
Vulnerability from variot - Updated: 2024-02-13 23:00CRLF injection vulnerability in export.cfg in the web-based administrative console for Sierra Wireless AirCard 760S, 762S, and 763S allows remote attackers to inject arbitrary headers via CRLF sequences in the save parameter. Supplementary information : CWE Vulnerability type by CWE-93: Improper Neutralization of CRLF Sequences (CRLF injection ) Has been identified. http://cwe.mitre.org/data/definitions/93.htmlBy a third party save Parameter CRLF Arbitrary headers may be inserted through the sequence. The Sierra Wireless AirCard 760S, 762S and 763S are mobile broadband devices from Sierra Wireless, Canada. A successful attack may allow attackers to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website; this may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0204",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireless aircard 763s",
"scope": null,
"trust": 2.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless aircard 762s",
"scope": null,
"trust": 2.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless aircard 760s",
"scope": null,
"trust": 2.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless aircard 760s",
"scope": "eq",
"trust": 1.0,
"vendor": "sierra",
"version": "*"
},
{
"model": "wireless aircard 762s",
"scope": "eq",
"trust": 1.0,
"vendor": "sierra",
"version": "*"
},
{
"model": "wireless aircard 763s",
"scope": "eq",
"trust": 1.0,
"vendor": "sierra",
"version": "*"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01554"
},
{
"db": "BID",
"id": "74875"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001594"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-365"
},
{
"db": "NVD",
"id": "CVE-2015-2054"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierra_wireless:sierra_wireless_aircard_760s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierra_wireless:sierra_wireless_aircard_762s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sierra_wireless:sierra_wireless_aircard_763s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2054"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luke Walker",
"sources": [
{
"db": "BID",
"id": "74875"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2054",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-2054",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-01554",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-80015",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2054",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-01554",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-365",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80015",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-2054",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01554"
},
{
"db": "VULHUB",
"id": "VHN-80015"
},
{
"db": "VULMON",
"id": "CVE-2015-2054"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001594"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-365"
},
{
"db": "NVD",
"id": "CVE-2015-2054"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CRLF injection vulnerability in export.cfg in the web-based administrative console for Sierra Wireless AirCard 760S, 762S, and 763S allows remote attackers to inject arbitrary headers via CRLF sequences in the save parameter. Supplementary information : CWE Vulnerability type by CWE-93: Improper Neutralization of CRLF Sequences (CRLF injection ) Has been identified. http://cwe.mitre.org/data/definitions/93.htmlBy a third party save Parameter CRLF Arbitrary headers may be inserted through the sequence. The Sierra Wireless AirCard 760S, 762S and 763S are mobile broadband devices from Sierra Wireless, Canada. \nA successful attack may allow attackers to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website; this may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2054"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001594"
},
{
"db": "CNVD",
"id": "CNVD-2015-01554"
},
{
"db": "BID",
"id": "74875"
},
{
"db": "VULHUB",
"id": "VHN-80015"
},
{
"db": "VULMON",
"id": "CVE-2015-2054"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2054",
"trust": 3.5
},
{
"db": "BID",
"id": "74875",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001594",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-365",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-01554",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-80015",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-2054",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01554"
},
{
"db": "VULHUB",
"id": "VHN-80015"
},
{
"db": "VULMON",
"id": "CVE-2015-2054"
},
{
"db": "BID",
"id": "74875"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001594"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-365"
},
{
"db": "NVD",
"id": "CVE-2015-2054"
}
]
},
"id": "VAR-201502-0204",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01554"
},
{
"db": "VULHUB",
"id": "VHN-80015"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01554"
}
]
},
"last_update_date": "2024-02-13T23:00:38.938000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Sierra Wireless AirCard",
"trust": 0.8,
"url": "http://support.netgear.com/search/aircard"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sierrawireless.com"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001594"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001594"
},
{
"db": "NVD",
"id": "CVE-2015-2054"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://seclists.org/fulldisclosure/2015/jan/58"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/74875"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2054"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2054"
},
{
"trust": 0.3,
"url": "http://www.sierrawireless.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01554"
},
{
"db": "VULHUB",
"id": "VHN-80015"
},
{
"db": "VULMON",
"id": "CVE-2015-2054"
},
{
"db": "BID",
"id": "74875"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001594"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-365"
},
{
"db": "NVD",
"id": "CVE-2015-2054"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-01554"
},
{
"db": "VULHUB",
"id": "VHN-80015"
},
{
"db": "VULMON",
"id": "CVE-2015-2054"
},
{
"db": "BID",
"id": "74875"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001594"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-365"
},
{
"db": "NVD",
"id": "CVE-2015-2054"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01554"
},
{
"date": "2015-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-80015"
},
{
"date": "2015-02-23T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2054"
},
{
"date": "2015-01-14T00:00:00",
"db": "BID",
"id": "74875"
},
{
"date": "2015-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001594"
},
{
"date": "2015-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-365"
},
{
"date": "2015-02-23T17:59:11.150000",
"db": "NVD",
"id": "CVE-2015-2054"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01554"
},
{
"date": "2016-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-80015"
},
{
"date": "2016-11-30T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2054"
},
{
"date": "2015-01-14T00:00:00",
"db": "BID",
"id": "74875"
},
{
"date": "2015-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001594"
},
{
"date": "2015-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-365"
},
{
"date": "2016-11-30T03:00:46.893000",
"db": "NVD",
"id": "CVE-2015-2054"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-365"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Sierra Wireless AirCard for Web Based management console export.cfg In CRLF Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001594"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-365"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…