CRLF Injection Vulnerability in Sierra Wireless AirCard Products
CVE-2015-2054

Currently unrated

What is CVE-2015-2054?

A CRLF injection vulnerability exists in the export.cfg file of the web-based administrative console for several models of Sierra Wireless AirCard devices. It allows remote attackers to inject arbitrary HTTP headers by placing CRLF sequences in the 'save' parameter. An attacker who can manipulate response headers this way could go on to mount further attacks such as session fixation, content spoofing, or other malicious activities that compromise the security and integrity of the affected devices.
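The weakness class described above, shown as an added example that is not Sierra Wireless code: a header builder that copies `save` through unchanged, a hardened form that rejects control characters, and a log check for CR/LF in the decoded `save` parameter. The header name, the `/export.cfg` request path and the sample values are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the console reflects `save` into a response header. The header
# used here (Content-Disposition) is illustrative; the advisory names none.
HEADER_PREFIX = "Content-Disposition: attachment; filename="
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def build_headers_unsafe(save):
    """Weak form: the parameter is copied into the header block as-is."""
    return "HTTP/1.1 200 OK\r\n" + HEADER_PREFIX + save + "\r\n\r\n"


def build_headers_safe(save):
    """Hardened form: refuse any control character (CR and LF included)."""
    if CONTROL_CHARS.search(save):
        raise ValueError("control character in header value")
    return "HTTP/1.1 200 OK\r\n" + HEADER_PREFIX + save + "\r\n\r\n"


def header_names(raw_response):
    """Names of the header lines a client would parse from the response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


def save_has_crlf(request_target):
    """Detection: True if the percent-decoded `save` value holds CR or LF."""
    query = urlsplit(request_target).query
    values = parse_qs(query, keep_blank_values=True).get("save", [])
    return any("\r" in v or "\n" in v for v in values)


# Constructed request targets, as they might appear in a proxy or access log.
SAMPLE_TARGETS = [
    "/export.cfg?save=backup.cfg",
    "/export.cfg?save=backup.cfg%0d%0aX-Injected:%201",
    "/export.cfg?save=backup.cfg%0AX-Injected:%201",
]

if __name__ == "__main__":
    for target in SAMPLE_TARGETS:
        print("ALERT" if save_has_crlf(target) else "ok   ", target)
    decoded = "backup.cfg\r\nX-Injected: 1"
    print("unsafe builder emits:", header_names(build_headers_unsafe(decoded)))
    try:
        build_headers_safe(decoded)
    except ValueError as exc:
        print("safe builder rejects:", exc)
```

Rejecting the value outright is preferable to stripping CR/LF, since a silently altered file name can hide the attempt from whoever reviews the logs.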

Timeline

  • Vulnerability published

  • Vulnerability Reserved
