Details of VAR-201702-0485

ID

VAR-201702-0485

CVE

CVE-2016-10098

TITLE

SendQuick Entera and Avera Multiple command insertion vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-001475

DESCRIPTION

An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands. SendQuick Entera and Avera SMS Gateway Appliances are prone to a remote command-injection vulnerability. TalariaX SendQuick Entera and Avera are products of TalariaX Company in Singapore. The former is a web-based server management system, and the latter is a plug-and-play network monitoring system

Trust: 1.98

sources: NVD: CVE-2016-10098 // JVNDB: JVNDB-2017-001475 // BID: 96129 // VULHUB: VHN-88840

AFFECTED PRODUCTS

vendor:	sendquick	model:	entera sms gateway	scope:	eq	version:	-	Trust: 1.6
vendor:	sendquick	model:	avera sms gateway	scope:	eq	version:	-	Trust: 1.6
vendor:	talariax pte	model:	sendquick avera	scope:	-	version:	-	Trust: 0.8
vendor:	talariax pte	model:	sendquick avera	scope:	lt	version:	2hf16	Trust: 0.8
vendor:	talariax pte	model:	sendquick entera	scope:	-	version:	-	Trust: 0.8
vendor:	talariax pte	model:	sendquick entera	scope:	lt	version:	2hf16	Trust: 0.8
vendor:	sendquick	model:	entera sms gateway 2hf7	scope:	eq	version:	20141225	Trust: 0.3
vendor:	sendquick	model:	avera sms gateway 2hf7	scope:	eq	version:	20141225	Trust: 0.3
vendor:	sendquick	model:	entera sms gateway 2hf16	scope:	ne	version:	20141225	Trust: 0.3
vendor:	sendquick	model:	avera sms gateway 2hf16	scope:	ne	version:	20141225	Trust: 0.3

sources: BID: 96129 // JVNDB: JVNDB-2017-001475 // CNNVD: CNNVD-201612-809 // NVD: CVE-2016-10098

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-10098
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-10098
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201612-809
value:	HIGH
Trust: 0.6
VULHUB:	VHN-88840
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-10098
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-88840
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-10098
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-88840 // JVNDB: JVNDB-2017-001475 // CNNVD: CNNVD-201612-809 // NVD: CVE-2016-10098

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.9

sources: VULHUB: VHN-88840 // JVNDB: JVNDB-2017-001475 // NVD: CVE-2016-10098

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-809

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201612-809

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001475

PATCH

title:	sendQuick Avera	url:	http://www.talariax.com/web/avera.html	Trust: 0.8
title:	sendQuick Entera	url:	http://www.talariax.com/web/entera.html	Trust: 0.8

sources: JVNDB: JVNDB-2017-001475

EXTERNAL IDS

db:	NVD	id:	CVE-2016-10098	Trust: 2.8
db:	BID	id:	96129	Trust: 1.4
db:	JVNDB	id:	JVNDB-2017-001475	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-809	Trust: 0.7
db:	VULHUB	id:	VHN-88840	Trust: 0.1

sources: VULHUB: VHN-88840 // BID: 96129 // JVNDB: JVNDB-2017-001475 // CNNVD: CNNVD-201612-809 // NVD: CVE-2016-10098

REFERENCES

url:	https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/	Trust: 2.8
url:	http://www.securityfocus.com/bid/96129	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10098	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-10098	Trust: 0.8
url:	http://www.sendquick.com.au	Trust: 0.3

sources: VULHUB: VHN-88840 // BID: 96129 // JVNDB: JVNDB-2017-001475 // CNNVD: CNNVD-201612-809 // NVD: CVE-2016-10098

CREDITS

NianTech.

Trust: 0.3

sources: BID: 96129

SOURCES

db:	VULHUB	id:	VHN-88840
db:	BID	id:	96129
db:	JVNDB	id:	JVNDB-2017-001475
db:	CNNVD	id:	CNNVD-201612-809
db:	NVD	id:	CVE-2016-10098

LAST UPDATE DATE

2025-04-20T23:35:56.421000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-88840	date:	2017-02-10T00:00:00
db:	BID	id:	96129	date:	2017-03-07T03:02:00
db:	JVNDB	id:	JVNDB-2017-001475	date:	2017-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201612-809	date:	2017-02-06T00:00:00
db:	NVD	id:	CVE-2016-10098	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-88840	date:	2017-02-05T00:00:00
db:	BID	id:	96129	date:	2017-02-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-001475	date:	2017-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201612-809	date:	2017-01-03T00:00:00
db:	NVD	id:	CVE-2016-10098	date:	2017-02-05T18:59:00.133