ID
VAR-E-201501-0484
CVE
| cve_id: | CVE-2015-2054 | Trust: 0.3 |
TITLE
Sierra Wireless AirCard 'export.cfg' HTTP Header Injection Vulnerability
Trust: 0.3
DESCRIPTION
Sierra Wireless AirCard is prone to an HTTP header-injection vulnerability.
A successful attack may allow attackers to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website; this may aid in launching further attacks.
Sierra Wireless AirCard versions 760S, 762S, and 763S are vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | sierra | model: | wireless aircard 763s | scope: | - | version: | - | Trust: 0.3 |
| vendor: | sierra | model: | wireless aircard 762s | scope: | - | version: | - | Trust: 0.3 |
| vendor: | sierra | model: | wireless aircard 760s | scope: | - | version: | - | Trust: 0.3 |
EXPLOIT
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Luke Walker
Trust: 0.3
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-2054 | Trust: 0.3 |
| db: | BID | id: | 74875 | Trust: 0.3 |
REFERENCES
| url: | http://www.sierrawireless.com/ | Trust: 0.3 |
| url: | http://seclists.org/fulldisclosure/2015/jan/58 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 74875 |
LAST UPDATE DATE
2022-07-27T09:15:31.378000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 74875 | date: | 2015-01-14T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 74875 | date: | 2015-01-14T00:00:00 |