Details of VAR-201702-0689

ID

VAR-201702-0689

CVE

CVE-2017-5136

TITLE

SendQuick Entera and Avera Device application system shutdown vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-001452

DESCRIPTION

An issue was discovered on SendQuick Entera and Avera devices before 2HF16. The application failed to check the access control of the request which could result in an attacker being able to shutdown the system. SendQuick Entera & Avera SMS Gateway Appliances are prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. An authentication bypass vulnerability. An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions or cause denial-of-service conditions. TalariaX SendQuick Entera and Avera are products of TalariaX Company in Singapore. The former is a web-based server management system, and the latter is a plug-and-play network monitoring system. An attacker could exploit this vulnerability to shut down the system

Trust: 2.07

sources: NVD: CVE-2017-5136 // JVNDB: JVNDB-2017-001452 // BID: 96031 // VULHUB: VHN-113339 // VULMON: CVE-2017-5136

AFFECTED PRODUCTS

vendor:	sendquick	model:	entera sms gateway	scope:	eq	version:	-	Trust: 1.6
vendor:	sendquick	model:	avera sms gateway	scope:	eq	version:	-	Trust: 1.6
vendor:	talariax pte	model:	sendquick avera	scope:	-	version:	-	Trust: 0.8
vendor:	talariax pte	model:	sendquick avera	scope:	lt	version:	2hf16	Trust: 0.8
vendor:	talariax pte	model:	sendquick entera	scope:	-	version:	-	Trust: 0.8
vendor:	talariax pte	model:	sendquick entera	scope:	lt	version:	2hf16	Trust: 0.8
vendor:	sendquick	model:	entera sms gateway	scope:	eq	version:	0	Trust: 0.3
vendor:	sendquick	model:	avera sms gateway	scope:	eq	version:	0	Trust: 0.3

sources: BID: 96031 // JVNDB: JVNDB-2017-001452 // CNNVD: CNNVD-201702-037 // NVD: CVE-2017-5136

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-5136
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-5136
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201702-037
value:	HIGH
Trust: 0.6
VULHUB:	VHN-113339
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-5136
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-5136
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-113339
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-5136
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-113339 // VULMON: CVE-2017-5136 // JVNDB: JVNDB-2017-001452 // CNNVD: CNNVD-201702-037 // NVD: CVE-2017-5136

PROBLEMTYPE DATA

problemtype:	CWE-862	Trust: 1.1
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-113339 // JVNDB: JVNDB-2017-001452 // NVD: CVE-2017-5136

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-037

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201702-037

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001452

PATCH

title:	Entera	url:	http://www.sendquick.com.au/sqentera.html	Trust: 0.8
title:	Avera	url:	http://www.sendquick.com.au/sqavera.html	Trust: 0.8
title:	TalariaX SendQuick Entera and Avera Repair measures for device security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67425	Trust: 0.6

sources: JVNDB: JVNDB-2017-001452 // CNNVD: CNNVD-201702-037

EXTERNAL IDS

db:	NVD	id:	CVE-2017-5136	Trust: 2.9
db:	BID	id:	96031	Trust: 2.1
db:	JVNDB	id:	JVNDB-2017-001452	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-037	Trust: 0.7
db:	VULHUB	id:	VHN-113339	Trust: 0.1
db:	VULMON	id:	CVE-2017-5136	Trust: 0.1

sources: VULHUB: VHN-113339 // VULMON: CVE-2017-5136 // BID: 96031 // JVNDB: JVNDB-2017-001452 // CNNVD: CNNVD-201702-037 // NVD: CVE-2017-5136

REFERENCES

url:	https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/	Trust: 2.9
url:	http://www.securityfocus.com/bid/96031	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5136	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5136	Trust: 0.8
url:	http://www.sendquick.com.au	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/862.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-113339 // VULMON: CVE-2017-5136 // BID: 96031 // JVNDB: JVNDB-2017-001452 // CNNVD: CNNVD-201702-037 // NVD: CVE-2017-5136

CREDITS

NianTech.

Trust: 0.3

sources: BID: 96031

SOURCES

db:	VULHUB	id:	VHN-113339
db:	VULMON	id:	CVE-2017-5136
db:	BID	id:	96031
db:	JVNDB	id:	JVNDB-2017-001452
db:	CNNVD	id:	CNNVD-201702-037
db:	NVD	id:	CVE-2017-5136

LAST UPDATE DATE

2025-04-20T23:22:30.469000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-113339	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-5136	date:	2019-10-03T00:00:00
db:	BID	id:	96031	date:	2017-03-07T03:02:00
db:	JVNDB	id:	JVNDB-2017-001452	date:	2017-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201702-037	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-5136	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-113339	date:	2017-02-05T00:00:00
db:	VULMON	id:	CVE-2017-5136	date:	2017-02-05T00:00:00
db:	BID	id:	96031	date:	2017-02-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-001452	date:	2017-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201702-037	date:	2017-02-06T00:00:00
db:	NVD	id:	CVE-2017-5136	date:	2017-02-05T18:59:00.197