VAR-201702-0485
Vulnerability from variot - Updated: 2024-02-14 23:07An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands. SendQuick Entera and Avera SMS Gateway Appliances are prone to a remote command-injection vulnerability. TalariaX SendQuick Entera and Avera are products of TalariaX Company in Singapore. The former is a web-based server management system, and the latter is a plug-and-play network monitoring system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0485",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "entera sms gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "sendquick",
"version": null
},
{
"model": "avera sms gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "sendquick",
"version": null
},
{
"model": "sendquick avera",
"scope": null,
"trust": 0.8,
"vendor": "talariax pte",
"version": null
},
{
"model": "sendquick avera",
"scope": "lt",
"trust": 0.8,
"vendor": "talariax pte",
"version": "2hf16"
},
{
"model": "sendquick entera",
"scope": null,
"trust": 0.8,
"vendor": "talariax pte",
"version": null
},
{
"model": "sendquick entera",
"scope": "lt",
"trust": 0.8,
"vendor": "talariax pte",
"version": "2hf16"
},
{
"model": "entera sms gateway 2hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "sendquick",
"version": "20141225"
},
{
"model": "avera sms gateway 2hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "sendquick",
"version": "20141225"
},
{
"model": "entera sms gateway 2hf16",
"scope": "ne",
"trust": 0.3,
"vendor": "sendquick",
"version": "20141225"
},
{
"model": "avera sms gateway 2hf16",
"scope": "ne",
"trust": 0.3,
"vendor": "sendquick",
"version": "20141225"
}
],
"sources": [
{
"db": "BID",
"id": "96129"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-809"
},
{
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sendquick:entera_sms_gateway_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sendquick:entera_sms_gateway:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sendquick:avera_sms_gateway_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sendquick:avera_sms_gateway:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NianTech.",
"sources": [
{
"db": "BID",
"id": "96129"
}
],
"trust": 0.3
},
"cve": "CVE-2016-10098",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-10098",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-88840",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-10098",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-10098",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-809",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88840",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88840"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-809"
},
{
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands. SendQuick Entera and Avera SMS Gateway Appliances are prone to a remote command-injection vulnerability. TalariaX SendQuick Entera and Avera are products of TalariaX Company in Singapore. The former is a web-based server management system, and the latter is a plug-and-play network monitoring system",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10098"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"db": "BID",
"id": "96129"
},
{
"db": "VULHUB",
"id": "VHN-88840"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10098",
"trust": 2.8
},
{
"db": "BID",
"id": "96129",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-809",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88840",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88840"
},
{
"db": "BID",
"id": "96129"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-809"
},
{
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"id": "VAR-201702-0485",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88840"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-14T23:07:12.955000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "sendQuick Avera",
"trust": 0.8,
"url": "http://www.talariax.com/web/avera.html"
},
{
"title": "sendQuick Entera",
"trust": 0.8,
"url": "http://www.talariax.com/web/entera.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88840"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/96129"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10098"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-10098"
},
{
"trust": 0.3,
"url": "http://www.sendquick.com.au"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88840"
},
{
"db": "BID",
"id": "96129"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-809"
},
{
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88840"
},
{
"db": "BID",
"id": "96129"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-809"
},
{
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-88840"
},
{
"date": "2017-02-05T00:00:00",
"db": "BID",
"id": "96129"
},
{
"date": "2017-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"date": "2017-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-809"
},
{
"date": "2017-02-05T18:59:00.133000",
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88840"
},
{
"date": "2017-03-07T03:02:00",
"db": "BID",
"id": "96129"
},
{
"date": "2017-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"date": "2017-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-809"
},
{
"date": "2024-02-14T01:17:43.863000",
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-809"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SendQuick Entera and Avera Multiple command insertion vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-809"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…