Bulk Enumeration Vulnerability Affecting Sierra Wireless AirVantage Warranty Checker
CVE-2023-31280

Currently unrated

Key Information:

Vendor: Sierra Wireless
Vendor: CVE Published:; 21 December 2024

🔔 Create Sierra Wireless Vulnerability Alert

What is CVE-2023-31280?

CVE-2023-31280 is a significant vulnerability found in the AirVantage Warranty Checker tool by Sierra Wireless. This weakness allows attackers to perform bulk enumeration of IMEI and Serial Number pairs. As a result, when users query for warranty status using these identifiers, the tool unintentionally reveals sensitive data—specifically, the IMEI and Serial Number alongside the warranty status. This exposure could enable malicious actors to gather and exploit sensitive information, necessitating immediate updates to the tool to mitigate these risks.

References

https://source.sierrawireless.com/resources/security-bull...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 21, 2024

JSON