Details of VAR-201704-0070

ID

VAR-201704-0070

CVE

CVE-2016-10315

TITLE

plural Jensen of Scandinavia AS Air:Link Open redirect vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2016-008247

DESCRIPTION

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the submit-url parameter to certain /goform/* pages. Air: Link3G, Air: Link5000AC, Air: Link59300 is the router of the Norwegian Jensenof Scandinavia company. An attacker can construct a malicious URI, entice the user to resolve, and redirect the user to any WEB site for phishing attacks. are all routers of Jensen of Scandinavia AS in Norway. Several Jensen of Scandinavia AS Air:Link products have security vulnerabilities. 3); Air: Link 5000AC (AL5000AC) prior to 1.13; Air: Link 59300 (AL59300) 1.04 (Rev

Trust: 2.25

sources: NVD: CVE-2016-10315 // JVNDB: JVNDB-2016-008247 // CNVD: CNVD-2017-05305 // VULHUB: VHN-89079

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-05305

AFFECTED PRODUCTS

vendor:	jensenofscandinavia	model:	al3g	scope:	eq	version:	2.23m	Trust: 1.6
vendor:	jensenofscandinavia	model:	al5000ac	scope:	eq	version:	1.13	Trust: 1.6
vendor:	jensenofscandinavia	model:	al59300	scope:	eq	version:	1.04	Trust: 1.6
vendor:	jensen of scandinavia as	model:	air:link 3g	scope:	eq	version:	2.23m (rev.3)	Trust: 0.8
vendor:	jensen of scandinavia as	model:	air:link 5000ac	scope:	eq	version:	1.13	Trust: 0.8
vendor:	jensen of scandinavia as	model:	air:link 59300	scope:	eq	version:	1.04 (rev.4)	Trust: 0.8
vendor:	jensen	model:	of scandinavia air:link 3g 2.23m (rev.	scope:	eq	version:	3)	Trust: 0.6
vendor:	jensen	model:	of scandinavia air:link 5000ac	scope:	eq	version:	1.13	Trust: 0.6
vendor:	jensen	model:	of scandinavia air:link (rev.	scope:	eq	version:	593001.044)	Trust: 0.6

sources: CNVD: CNVD-2017-05305 // JVNDB: JVNDB-2016-008247 // CNNVD: CNNVD-201704-173 // NVD: CVE-2016-10315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-10315
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-10315
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-05305
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201704-173
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-89079
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-10315
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-05305
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-89079
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-10315
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-05305 // VULHUB: VHN-89079 // JVNDB: JVNDB-2016-008247 // CNNVD: CNNVD-201704-173 // NVD: CVE-2016-10315

PROBLEMTYPE DATA

problemtype:

CWE-601

Trust: 1.9

sources: VULHUB: VHN-89079 // JVNDB: JVNDB-2016-008247 // NVD: CVE-2016-10315

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-173

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-173

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008247

PATCH

title:	Top Page	url:	http://www.jensenofscandinavia.com	Trust: 0.8
title:	Multiple JensenofScandinaviaAir: Patch for Link Open Redirection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/92432	Trust: 0.6

sources: CNVD: CNVD-2017-05305 // JVNDB: JVNDB-2016-008247

EXTERNAL IDS

db:	NVD	id:	CVE-2016-10315	Trust: 3.1
db:	JVNDB	id:	JVNDB-2016-008247	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-173	Trust: 0.7
db:	CNVD	id:	CNVD-2017-05305	Trust: 0.6
db:	VULHUB	id:	VHN-89079	Trust: 0.1

sources: CNVD: CNVD-2017-05305 // VULHUB: VHN-89079 // JVNDB: JVNDB-2016-008247 // CNNVD: CNNVD-201704-173 // NVD: CVE-2016-10315

REFERENCES

url:	https://www.riskbasedsecurity.com/research/rbs-2016-004.pdf	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10315	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10315	Trust: 0.8

sources: CNVD: CNVD-2017-05305 // VULHUB: VHN-89079 // JVNDB: JVNDB-2016-008247 // CNNVD: CNNVD-201704-173 // NVD: CVE-2016-10315

SOURCES

db:	CNVD	id:	CNVD-2017-05305
db:	VULHUB	id:	VHN-89079
db:	JVNDB	id:	JVNDB-2016-008247
db:	CNNVD	id:	CNNVD-201704-173
db:	NVD	id:	CVE-2016-10315

LAST UPDATE DATE

2025-04-20T23:22:24.540000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-05305	date:	2017-04-25T00:00:00
db:	VULHUB	id:	VHN-89079	date:	2017-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2016-008247	date:	2017-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201704-173	date:	2017-04-07T00:00:00
db:	NVD	id:	CVE-2016-10315	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-05305	date:	2017-04-25T00:00:00
db:	VULHUB	id:	VHN-89079	date:	2017-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2016-008247	date:	2017-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201704-173	date:	2017-04-07T00:00:00
db:	NVD	id:	CVE-2016-10315	date:	2017-04-03T05:59:00.643