Remote Code Execution Vulnerability in Sierra Wireless AirLink Raven X Gateway
CVE-2013-2819

Currently unrated

Key Information:

Vendor: Sierrawireless
Status: Raven X Ev-do Firmware; Airlink Mp At\&t; Airlink Mp At\&t Wifi; Airlink Mp Bell
Vendor: CVE Published:; 15 January 2014

🔔 Create Sierrawireless Vulnerability Alert

What is CVE-2013-2819?

A vulnerability exists in the Sierra Wireless AirLink Raven X EV-DO gateway that allows remote attackers to exploit cleartext credentials during an update or reprogramming action. This can enable the installation of Trojan horse firmware, potentially compromising the integrity and security of the device. Users of the affected products are strongly advised to implement necessary security measures to mitigate risks associated with this vulnerability.

References

http://www.sierrawireless.com/resources/support/airlink/d...

x_refsource_CONFIRM

http://ics-cert.us-cert.gov/advisories/ICSA-14-007-01A

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2014
Vulnerability Reserved
Apr 11, 2013