Unauthenticated Access Vulnerability in SendQuick Entera and Avera SMS Gateway Appliances
CVE-2017-5137

6.2MEDIUM

Key Information:

Vendor: Sendquick
Status: Entera Sms Gateway Firmware
Vendor: CVE Published:; 5 February 2017

What is CVE-2017-5137?

A security issue was identified in SendQuick Entera and Avera SMS gateway appliances prior to 2HF16. This vulnerability allows attackers to request and retrieve SMS logs without any authentication, potentially exposing sensitive information and compromising user privacy.

References

https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-...

x_refsource_MISC

http://www.securityfocus.com/bid/96031

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2017
Vulnerability Reserved
Jan 3, 2017

JSON

Sendquick

What is CVE-2017-5137?

References

CVSS V3.1

Timeline