CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
76.9%
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.
Vendor | Product | Version | CPE |
---|---|---|---|
sierrawireless | raven_x_ev-do_firmware | 4221_4.0.11.003 | cpe:2.3:o:sierrawireless:raven_x_ev-do_firmware:4221_4.0.11.003:*:*:*:*:*:*:* |
sierrawireless | raven_x_ev-do_firmware | 4228_4.0.11.003 | cpe:2.3:o:sierrawireless:raven_x_ev-do_firmware:4228_4.0.11.003:*:*:*:*:*:*:* |
sierrawireless | airlink_mp_at\&t | - | cpe:2.3:h:sierrawireless:airlink_mp_at\&t:-:*:*:*:*:*:*:* |
sierrawireless | airlink_mp_at\&t_wifi | - | cpe:2.3:h:sierrawireless:airlink_mp_at\&t_wifi:-:*:*:*:*:*:*:* |
sierrawireless | airlink_mp_bell | - | cpe:2.3:h:sierrawireless:airlink_mp_bell:-:*:*:*:*:*:*:* |
sierrawireless | airlink_mp_bell_wifi | - | cpe:2.3:h:sierrawireless:airlink_mp_bell_wifi:-:*:*:*:*:*:*:* |
sierrawireless | airlink_mp_row | - | cpe:2.3:h:sierrawireless:airlink_mp_row:-:*:*:*:*:*:*:* |
sierrawireless | airlink_mp_row_wifi | - | cpe:2.3:h:sierrawireless:airlink_mp_row_wifi:-:*:*:*:*:*:*:* |
sierrawireless | airlink_mp_sprint | - | cpe:2.3:h:sierrawireless:airlink_mp_sprint:-:*:*:*:*:*:*:* |
sierrawireless | airlink_mp_sprint_wifi | - | cpe:2.3:h:sierrawireless:airlink_mp_sprint_wifi:-:*:*:*:*:*:*:* |