Firmware Reprogramming Vulnerability in Sierra Wireless AirLink Gateway
CVE-2013-2820

Currently unrated

Key Information:

Vendor: Sierrawireless
Status: Raven X Ev-do Firmware; Airlink Mp At\&t; Airlink Mp At\&t Wifi; Airlink Mp Bell
Vendor: CVE Published:; 15 January 2014

🔔 Create Sierrawireless Vulnerability Alert

What is CVE-2013-2820?

The vulnerability allows remote attackers to exploit the Sierra Wireless AirLink Raven X EV-DO gateway, particularly versions 4221_4.0.11.003 and 4228_4.0.11.003, by reprogramming its firmware through a deceptive replay attack. This occurs via specific UDP ports, namely 17336 and 17388, potentially compromising the device's functionality and security. Administrators are urged to secure these endpoints and ensure firmware is regularly updated to mitigate risks associated with unauthorized firmware alterations.

References

http://www.sierrawireless.com/resources/support/airlink/d...

x_refsource_CONFIRM

http://ics-cert.us-cert.gov/advisories/ICSA-14-007-01A

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2014
Vulnerability Reserved
Apr 11, 2013