Command Injection Vulnerabilities in SendQuick Entera and Avera Devices
CVE-2016-10098

9.8CRITICAL

Key Information:

Vendor: Sendquick
Status: Entera Sms Gateway Firmware
Vendor: CVE Published:; 5 February 2017

What is CVE-2016-10098?

Multiple command injection vulnerabilities have been identified in SendQuick Entera and Avera devices prior to the 2HF16 release. These vulnerabilities enable attackers to execute arbitrary system commands, potentially compromising the integrity and availability of the devices. Immediate action is advised to mitigate risks associated with these security flaws.

References

http://www.securityfocus.com/bid/96129

vdb-entryx_refsource_BID

https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2017
Vulnerability Reserved
Jan 2, 2017

JSON

Sendquick

What is CVE-2016-10098?

References

CVSS V3.1

Timeline