Details of VAR-201703-0133

ID

VAR-201703-0133

CVE

CVE-2016-10273

TITLE

plural Jensen of Scandinavia AS Air:Link Device stack buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008207

DESCRIPTION

Jensen of Scandinavia AS Air:Link 3G (AL3G) , Air:Link 5000AC (AL5000AC) ,and Air:Link 59300 (AL59300) The device contains a stack buffer overflow vulnerability.By a remote attacker, /goform/formWlanMP endpoint Any code can be executed via the following parameters, or Web The service may be crashed. (1) ateFunc Parameters (2) ateGain Parameters (3) ateTxCount Parameters (4) ateChan Parameters (5) ateRate Parameters (6) ateMacID Parameters (7) e2pTxPower1 Parameters (8) e2pTxPower2 Parameters (9) e2pTxPower3 Parameters (10) e2pTxPower4 Parameters (11) e2pTxPower5 Parameters (12) e2pTxPower6 Parameters (13) e2pTxPower7 Parameters (14) e2pTx2Power1 Parameters (15) e2pTx2Power2 Parameters (16) e2pTx2Power3 Parameters (17) e2pTx2Power4 Parameters (18) e2pTx2Power5 Parameters (19) e2pTx2Power6 Parameters (20) e2pTx2Power7 Parameters (21) ateTxFreqOffset Parameters (22) ateMode Parameters (23) ateBW Parameters (24) ateAntenna Parameters (25) e2pTxFreqOffset Parameters (26) e2pTxPwDeltaB Parameters (27) e2pTxPwDeltaG Parameters (28) e2pTxPwDeltaMix Parameters (29) e2pTxPwDeltaN Parameters (30) readE2P Parameters. JensenofScandinaviaASAir: Link3G and others are routers of the Norwegian Jensenof ScandinaviaAS company. Multiple JensenofScandinaviaASAir: Stack Buffer Overflow Vulnerabilities in Link Routers. Jensen of Scandinavia AS Air: Link 3G, etc. are all routers of Jensen of Scandinavia AS in Norway. The following products and versions are affected: Jensen of Scandinavia AS Air: Link 3G (AL3G) 2.23m (Rev. 3); Air: Link 5000AC (AL5000AC) 1.13; Air: Link 59300 (AL59300) 1.04 (Rev. 4) Version

Trust: 1.35

sources: JVNDB: JVNDB-2016-008207 // CNVD: CNVD-2017-33210 // VULHUB: VHN-89033

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-33210

AFFECTED PRODUCTS

vendor:	jensenofscandinavia	model:	air\:link 5000ac	scope:	eq	version:	1.13	Trust: 1.0
vendor:	jensenofscandinavia	model:	air\:link 59300	scope:	eq	version:	1.04	Trust: 1.0
vendor:	jensenofscandinavia	model:	air\:link 3g	scope:	eq	version:	2.23m	Trust: 1.0
vendor:	jensen of scandinavia as	model:	air:link 3g	scope:	eq	version:	version 2.23m (rev.3)	Trust: 0.8
vendor:	jensen of scandinavia as	model:	air:link 5000ac	scope:	eq	version:	version 1.13	Trust: 0.8
vendor:	jensen of scandinavia as	model:	air:link 59300	scope:	eq	version:	version 1.04 (rev.4)	Trust: 0.8
vendor:	jensen	model:	of scandinavia air:link 3g 2.23m (rev.	scope:	eq	version:	3)	Trust: 0.6
vendor:	jensen	model:	of scandinavia air:link 5000ac	scope:	eq	version:	1.13	Trust: 0.6
vendor:	jensen	model:	of scandinavia air:link (rev.	scope:	eq	version:	593001.044)	Trust: 0.6
vendor:	jensen of scandinavia as	model:	air\:link 3g	scope:	eq	version:	2.23m	Trust: 0.6
vendor:	jensen of scandinavia as	model:	air\:link 5000ac	scope:	eq	version:	1.13	Trust: 0.6
vendor:	jensen of scandinavia as	model:	air\:link 59300	scope:	eq	version:	1.04	Trust: 0.6

sources: CNVD: CNVD-2017-33210 // JVNDB: JVNDB-2016-008207 // CNNVD: CNNVD-201703-1102 // NVD: CVE-2016-10273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-10273
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-10273
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-33210
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201703-1102
value:	HIGH
Trust: 0.6
VULHUB:	VHN-89033
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-10273
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-33210
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-89033
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-10273
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2016-10273
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-33210 // VULHUB: VHN-89033 // JVNDB: JVNDB-2016-008207 // CNNVD: CNNVD-201703-1102 // NVD: CVE-2016-10273

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-89033 // JVNDB: JVNDB-2016-008207 // NVD: CVE-2016-10273

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1102

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201703-1102

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008207

PATCH

title:

Top Page

url:

http://www.jensenofscandinavia.com/en/

Trust: 0.8

sources: JVNDB: JVNDB-2016-008207

EXTERNAL IDS

db:	NVD	id:	CVE-2016-10273	Trust: 3.1
db:	JVNDB	id:	JVNDB-2016-008207	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-1102	Trust: 0.7
db:	CNVD	id:	CNVD-2017-33210	Trust: 0.6
db:	VULHUB	id:	VHN-89033	Trust: 0.1

sources: CNVD: CNVD-2017-33210 // VULHUB: VHN-89033 // JVNDB: JVNDB-2016-008207 // CNNVD: CNNVD-201703-1102 // NVD: CVE-2016-10273

REFERENCES

url:	https://www.riskbasedsecurity.com/research/rbs-2016-004.pdf	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10273	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10273	Trust: 0.8

sources: CNVD: CNVD-2017-33210 // VULHUB: VHN-89033 // JVNDB: JVNDB-2016-008207 // CNNVD: CNNVD-201703-1102 // NVD: CVE-2016-10273

SOURCES

db:	CNVD	id:	CNVD-2017-33210
db:	VULHUB	id:	VHN-89033
db:	JVNDB	id:	JVNDB-2016-008207
db:	CNNVD	id:	CNNVD-201703-1102
db:	NVD	id:	CVE-2016-10273

LAST UPDATE DATE

2025-04-20T23:35:55.939000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-33210	date:	2017-11-09T00:00:00
db:	VULHUB	id:	VHN-89033	date:	2017-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2016-008207	date:	2017-05-01T00:00:00
db:	CNNVD	id:	CNNVD-201703-1102	date:	2021-09-14T00:00:00
db:	NVD	id:	CVE-2016-10273	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-33210	date:	2017-11-08T00:00:00
db:	VULHUB	id:	VHN-89033	date:	2017-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2016-008207	date:	2017-05-01T00:00:00
db:	CNNVD	id:	CNNVD-201703-1102	date:	2017-03-26T00:00:00
db:	NVD	id:	CVE-2016-10273	date:	2017-03-26T05:59:00.163