ID
VAR-201401-0052
CVE
CVE-2013-2819
TITLE
Sierra Wireless AirLink Raven X EV-DO Gateway Trojan Firmware Installation Vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2014-001184
DESCRIPTION
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action. AirLink Raven X EV-DO is a small 3G network smart modem. AirLink Raven X EV-DO has an information disclosure vulnerability. Because the program fails to use encryption during the update and reprogramming process, the attacker can reprogram the firmware using the username and password stored in clear text. AirLink Raven X EV-DO is prone to an information-disclosure vulnerability Successful exploits will allow attackers to obtain sensitive information, such as user credentials, that may lead to further attacks
Trust: 2.52
sources:
NVD: CVE-2013-2819 //
JVNDB: JVNDB-2014-001184 //
CNVD: CNVD-2014-00190 //
BID: 64702 //
VULHUB: VHN-62821
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2014-00190
AFFECTED PRODUCTS
| vendor: | sierrawireless | model: | raven x ev-do | scope: | eq | version: | 4221_4.0.11.003 | Trust: 1.6 |
| vendor: | sierrawireless | model: | raven x ev-do | scope: | eq | version: | 4228_4.0.11.003 | Trust: 1.6 |
| vendor: | sierrawireless | model: | airlink mp verizon wifi | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | airlink mp verizon | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | airlink mp bell wifi | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | airlink mp row wifi | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | airlink mp row | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | raven x | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | raven xt | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | airlink mp bell | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | raven xe | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | airlink mp sprint | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | airlink mp telus wifi | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | airlink mp sprint wifi | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | pinpoint x | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | raven x ev-do | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | pinpoint xt | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | airlink mp telus | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | airlink mp at\&t | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierrawireless | model: | airlink mp at\&t wifi | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | sierra | model: | airlink mp at&t | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | airlink mp at&t wifi | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | airlink mp bell | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | airlink mp bell wifi | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | airlink mp row | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | airlink mp row wifi | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | airlink mp sprint | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | airlink mp sprint wifi | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | airlink mp telus | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | airlink mp telus wifi | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | airlink mp verizon | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | airlink mp verizon wifi | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | pinpooint x | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | pinpooint xt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | raven x | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | raven x ev-do | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | raven x ev-do | scope: | eq | version: | 4221_4.0.11.003 | Trust: 0.8 |
| vendor: | sierra | model: | raven x ev-do | scope: | eq | version: | 4228_4.0.11.003 | Trust: 0.8 |
| vendor: | sierra | model: | raven xe | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | raven xt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sierra | model: | wireless airlink raven ev-do 4221 4.0.11.003 | scope: | eq | version: | x | Trust: 0.6 |
| vendor: | sierra | model: | wireless airlink raven ev-do 4228 4.0.11.003 | scope: | eq | version: | x | Trust: 0.6 |
sources:
CNVD: CNVD-2014-00190 //
JVNDB: JVNDB-2014-001184 //
CNNVD: CNNVD-201401-179 //
NVD: CVE-2013-2819
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2014-00190 //
VULHUB: VHN-62821 //
JVNDB: JVNDB-2014-001184 //
CNNVD: CNNVD-201401-179 //
NVD: CVE-2013-2819
PROBLEMTYPE DATA
| problemtype: | CWE-255 | Trust: 1.9 |
sources:
VULHUB: VHN-62821 //
JVNDB: JVNDB-2014-001184 //
NVD: CVE-2013-2819
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201401-179
TYPE
trust management
Trust: 0.6
sources:
CNNVD: CNNVD-201401-179
CONFIGURATIONS
sources:
JVNDB: JVNDB-2014-001184
PATCH
| title: | AirLink RavenSecurity Vulnerability | url: | http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf | Trust: 0.8 |
| title: | AirLink Raven X EV-DO Information Disclosure Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/42227 | Trust: 0.6 |
sources:
CNVD: CNVD-2014-00190 //
JVNDB: JVNDB-2014-001184
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-2819 | Trust: 3.4 |
| db: | ICS CERT | id: | ICSA-14-007-01A | Trust: 2.5 |
| db: | BID | id: | 64702 | Trust: 1.6 |
| db: | JVNDB | id: | JVNDB-2014-001184 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201401-179 | Trust: 0.7 |
| db: | ICS CERT | id: | ICSA-14-007-01 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2014-00190 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-62821 | Trust: 0.1 |
sources:
CNVD: CNVD-2014-00190 //
VULHUB: VHN-62821 //
BID: 64702 //
JVNDB: JVNDB-2014-001184 //
CNNVD: CNNVD-201401-179 //
NVD: CVE-2013-2819
REFERENCES
| url: | http://ics-cert.us-cert.gov/advisories/icsa-14-007-01a | Trust: 2.5 |
| url: | http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf | Trust: 1.7 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2819 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2819 | Trust: 0.8 |
| url: | http://ics-cert.us-cert.gov/advisories/icsa-14-007-01 | Trust: 0.6 |
| url: | http://www.securityfocus.com/bid/64702 | Trust: 0.6 |
sources:
CNVD: CNVD-2014-00190 //
VULHUB: VHN-62821 //
JVNDB: JVNDB-2014-001184 //
CNNVD: CNNVD-201401-179 //
NVD: CVE-2013-2819
CREDITS
Cimation
Trust: 0.9
sources:
BID: 64702 //
CNNVD: CNNVD-201401-179
SOURCES
| db: | CNVD | id: | CNVD-2014-00190 |
| db: | VULHUB | id: | VHN-62821 |
| db: | BID | id: | 64702 |
| db: | JVNDB | id: | JVNDB-2014-001184 |
| db: | CNNVD | id: | CNNVD-201401-179 |
| db: | NVD | id: | CVE-2013-2819 |
LAST UPDATE DATE
2025-04-11T23:04:02.360000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-00190 | date: | 2014-01-15T00:00:00 |
| db: | VULHUB | id: | VHN-62821 | date: | 2014-01-16T00:00:00 |
| db: | BID | id: | 64702 | date: | 2014-07-25T00:47:00 |
| db: | JVNDB | id: | JVNDB-2014-001184 | date: | 2014-01-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201401-179 | date: | 2014-01-20T00:00:00 |
| db: | NVD | id: | CVE-2013-2819 | date: | 2025-04-11T00:51:21.963 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-00190 | date: | 2014-01-10T00:00:00 |
| db: | VULHUB | id: | VHN-62821 | date: | 2014-01-15T00:00:00 |
| db: | BID | id: | 64702 | date: | 2014-01-07T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-001184 | date: | 2014-01-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201401-179 | date: | 2014-01-14T00:00:00 |
| db: | NVD | id: | CVE-2013-2819 | date: | 2014-01-15T16:08:13.017 |