Sign-up

ID

VAR-201605-0353


CVE

CVE-2016-4521


TITLE

Sixnet BT-5xxx and BT-6xxx M2M Vulnerability to gain access rights on devices

Trust: 0.8

sources: JVNDB: JVNDB-2016-002973

DESCRIPTION

Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors. RedLionSixnetBT-5xxx is a BT series router that provides wireless connectivity for RedLion. Prior to SixnetBT-5xxxBT-6xxxM2Mdevices 3.8.2, there was a privilege escalation vulnerability in version 3.9.x prior to 3.9.8. The following products are affected: Sixnet BT-5xxx versions prior to 3.8.21. Red Lion Sixnet BT-5xxx and BT-6xxx M2M are both BT series routers of Red Lion Company in the United States that provide wireless connection functions. A security vulnerability exists in Red Lion Sixnet BT-5xxx and BT-6xxx M2M versions prior to 3.8.21 and 3.9.x prior to 3.9.8 due to the use of hard-coded certificates

Trust: 2.52

sources: NVD: CVE-2016-4521 // JVNDB: JVNDB-2016-002973 // CNVD: CNVD-2016-03825 // BID: 90900 // VULHUB: VHN-93340

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-03825

AFFECTED PRODUCTS

vendor:sixnetmodel:bt-5 series cellular routerscope:lteversion:3.8.20

Trust: 1.0

vendor:sixnetmodel:bt-6 series cellular routerscope:lteversion:3.8.20

Trust: 1.0

vendor:sixnetmodel:bt-5 series cellular routerscope:lteversion:3.9.7

Trust: 1.0

vendor:sixnetmodel:bt-6 series cellular routerscope:lteversion:3.9.7

Trust: 1.0

vendor:sixnetmodel:bt-6000 series m2mscope:eqversion:3.9.8

Trust: 0.8

vendor:sixnetmodel:bt-5000 series m2mscope: - version: -

Trust: 0.8

vendor:sixnetmodel:bt-6000 series m2mscope:ltversion:3.9.x

Trust: 0.8

vendor:sixnetmodel:bt-5000 series m2mscope:ltversion:3.9.x

Trust: 0.8

vendor:sixnetmodel:bt-6000 series m2mscope: - version: -

Trust: 0.8

vendor:sixnetmodel:bt-5000 series m2mscope:eqversion:3.9.8

Trust: 0.8

vendor:redmodel:lion sixnet bt-5xxx bt-6xxx m2m devicesscope:ltversion:3.8.21

Trust: 0.6

vendor:redmodel:lion sixnet bt-5xxx bt-6xxx m2m devicesscope:eqversion:3.9.x<3.9.8

Trust: 0.6

vendor:sixnetmodel:bt-5 series cellular routerscope:eqversion: -

Trust: 0.6

vendor:sixnetmodel:bt-6 series cellular routerscope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2016-03825 // JVNDB: JVNDB-2016-002973 // CNNVD: CNNVD-201605-651 // NVD: CVE-2016-4521

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4521
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-4521
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-03825
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201605-651
value: CRITICAL

Trust: 0.6

VULHUB: VHN-93340
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4521
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-03825
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-93340
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4521
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-03825 // VULHUB: VHN-93340 // JVNDB: JVNDB-2016-002973 // CNNVD: CNNVD-201605-651 // NVD: CVE-2016-4521

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-93340 // JVNDB: JVNDB-2016-002973 // NVD: CVE-2016-4521

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-651

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201605-651

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002973

PATCH
title:Industrial Wireless Software & Firmwareurl:http://www.redlion.net/resources/software/sixnet-software/industrial-wireless-software-firmware
Trust: 0.8
title:Red Lion Sixnet BT-5xxx  and BT-6xxx series M2M cellular router Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61961
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-002973 // 
            
            
            
            CNNVD: CNNVD-201605-651

EXTERNAL IDS
db:NVDid:CVE-2016-4521
Trust: 3.4
db:ICS CERTid:ICSA-16-147-02
Trust: 3.1
db:JVNDBid:JVNDB-2016-002973
Trust: 0.8
db:CNNVDid:CNNVD-201605-651
Trust: 0.7
db:CNVDid:CNVD-2016-03825
Trust: 0.6
db:BIDid:90900
Trust: 0.4
db:VULHUBid:VHN-93340
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-03825 // 
            
            
            
            VULHUB: VHN-93340 // 
            
            
            
            BID: 90900 // 
            
            
            
            JVNDB: JVNDB-2016-002973 // 
            
            
            
            CNNVD: CNNVD-201605-651 // 
            
            
            
            NVD: CVE-2016-4521

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-147-02
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4521
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4521
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2016-03825 // 
            
            
            
            VULHUB: VHN-93340 // 
            
            
            
            JVNDB: JVNDB-2016-002973 // 
            
            
            
            CNNVD: CNNVD-201605-651 // 
            
            
            
            NVD: CVE-2016-4521

CREDITS
Neil Smith
Trust: 0.3
sources:
            
            
            BID: 90900

SOURCES
db:CNVDid:CNVD-2016-03825
db:VULHUBid:VHN-93340
db:BIDid:90900
db:JVNDBid:JVNDB-2016-002973
db:CNNVDid:CNNVD-201605-651
db:NVDid:CVE-2016-4521

LAST UPDATE DATE
2025-04-13T23:02:57.574000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-03825date:2016-06-07T00:00:00
db:VULHUBid:VHN-93340date:2016-06-01T00:00:00
db:BIDid:90900date:2016-05-26T00:00:00
db:JVNDBid:JVNDB-2016-002973date:2016-06-02T00:00:00
db:CNNVDid:CNNVD-201605-651date:2016-06-01T00:00:00
db:NVDid:CVE-2016-4521date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-03825date:2016-06-07T00:00:00
db:VULHUBid:VHN-93340date:2016-05-31T00:00:00
db:BIDid:90900date:2016-05-26T00:00:00
db:JVNDBid:JVNDB-2016-002973date:2016-06-02T00:00:00
db:CNNVDid:CNNVD-201605-651date:2016-05-27T00:00:00
db:NVDid:CVE-2016-4521date:2016-05-31T01:59:11.993