The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Sierrawireless
  • Airlink Mp Bell
  • Airlink Mp Verizon Wifi
  • Airlink Mp Bell Wifi
  • Raven Xt
  • Raven X Ev-do
  • Airlink Mp Sprint
  • Raven Xe
  • Airlink Mp Row
  • Pinpoint Xt
  • Airlink Mp Verizon
  • Airlink Mp Telus
  • Airlink Mp Telus Wifi
  • Pinpoint X
  • Airlink Mp At\&t
  • Raven X Ev-do Firmware
  • Raven X
  • Airlink Mp At\&t Wifi
  • Airlink Mp Sprint Wifi
  • Airlink Mp Row Wifi

Configuration 1 [-]

AND
OR cpe:2.3:o:sierrawireless:raven_x_ev-do_firmware:4221_4.0.11.003:*:*:*:*:*:*:*
cpe:2.3:o:sierrawireless:raven_x_ev-do_firmware:4228_4.0.11.003:*:*:*:*:*:*:*
OR cpe:2.3:h:sierrawireless:airlink_mp_at\&t:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_mp_at\&t_wifi:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_mp_bell:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_mp_bell_wifi:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_mp_row:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_mp_row_wifi:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_mp_sprint:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_mp_sprint_wifi:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_mp_telus:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_mp_telus_wifi:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_mp_verizon:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_mp_verizon_wifi:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:pinpoint_x:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:pinpoint_xt:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:raven_x:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:raven_x_ev-do:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:raven_xe:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:raven_xt:-:*:*:*:*:*:*:*
References
Link Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-007-01A US Government Resource
http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2014-01-15T16:00:00

Updated: 2014-01-15T16:57:01

Reserved: 2013-04-11T00:00:00

Link: CVE-2013-2820

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2014-01-15T16:08:18.110

Modified: 2014-01-16T16:47:38.633

Link: CVE-2013-2820

JSON object: View

cve-icon Redhat Information

No data.

CWE