ID
VAR-201704-0141
CVE
CVE-2016-5070
TITLE
Sierra Wireless GX 440 Device ALEOS Vulnerability in managing certificates and passwords in firmware
Trust: 0.8
sources:
JVNDB: JVNDB-2016-008302
DESCRIPTION
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. Sierra Wireless GX 440 Device ALEOS The firmware contains a vulnerability related to the management of certificates and passwords.Information is acquired, information is falsified, and denial of service (DoS) An attack could be made. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The SierraWirelessGX440 has a weak password storage vulnerability that can be exploited by remote attackers to submit special requests for sensitive information
Trust: 2.25
sources:
NVD: CVE-2016-5070 //
JVNDB: JVNDB-2016-008302 //
CNVD: CNVD-2017-10185 //
VULHUB: VHN-93889
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2017-10185
AFFECTED PRODUCTS
| vendor: | sierrawireless | model: | aleos | scope: | eq | version: | 4.3.2 | Trust: 1.6 |
| vendor: | sierra | model: | aleos | scope: | eq | version: | 4.3.2 | Trust: 0.8 |
| vendor: | sierra | model: | wireless gx440 | scope: | eq | version: | 4.3.2 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-10185 //
JVNDB: JVNDB-2016-008302 //
CNNVD: CNNVD-201704-505 //
NVD: CVE-2016-5070
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2017-10185 //
VULHUB: VHN-93889 //
JVNDB: JVNDB-2016-008302 //
CNNVD: CNNVD-201704-505 //
NVD: CVE-2016-5070
PROBLEMTYPE DATA
| problemtype: | CWE-255 | Trust: 1.9 |
sources:
VULHUB: VHN-93889 //
JVNDB: JVNDB-2016-008302 //
NVD: CVE-2016-5070
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201704-505
TYPE
trust management
Trust: 0.6
sources:
CNNVD: CNNVD-201704-505
CONFIGURATIONS
sources:
JVNDB: JVNDB-2016-008302
PATCH
| title: | Getting started with AirLink Intelligent Gateways | url: | https://source.sierrawireless.com/airvantage/avc/howto/hardware/airlink_getting_started/ | Trust: 0.8 |
| title: | Patch for SierraWirelessGX440 Weak Password Storage Vulnerability (CNVD-2017-10185) | url: | https://www.cnvd.org.cn/patchInfo/show/95708 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-10185 //
JVNDB: JVNDB-2016-008302
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-5070 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2016-008302 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201704-505 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2017-10185 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-93889 | Trust: 0.1 |
sources:
CNVD: CNVD-2017-10185 //
VULHUB: VHN-93889 //
JVNDB: JVNDB-2016-008302 //
CNNVD: CNNVD-201704-505 //
NVD: CVE-2016-5070
REFERENCES
| url: | https://carvesystems.com/sierra-wireless-2016-advisory.html | Trust: 3.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2016-5070 | Trust: 1.4 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5070 | Trust: 0.8 |
sources:
CNVD: CNVD-2017-10185 //
VULHUB: VHN-93889 //
JVNDB: JVNDB-2016-008302 //
CNNVD: CNNVD-201704-505 //
NVD: CVE-2016-5070
SOURCES
| db: | CNVD | id: | CNVD-2017-10185 |
| db: | VULHUB | id: | VHN-93889 |
| db: | JVNDB | id: | JVNDB-2016-008302 |
| db: | CNNVD | id: | CNNVD-201704-505 |
| db: | NVD | id: | CVE-2016-5070 |
LAST UPDATE DATE
2024-11-23T21:54:09.867000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-10185 | date: | 2017-06-19T00:00:00 |
| db: | VULHUB | id: | VHN-93889 | date: | 2017-04-14T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-008302 | date: | 2017-05-15T00:00:00 |
| db: | CNNVD | id: | CNNVD-201704-505 | date: | 2017-05-18T00:00:00 |
| db: | NVD | id: | CVE-2016-5070 | date: | 2024-11-21T02:53:34.543 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-10185 | date: | 2017-06-19T00:00:00 |
| db: | VULHUB | id: | VHN-93889 | date: | 2017-04-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-008302 | date: | 2017-05-15T00:00:00 |
| db: | CNNVD | id: | CNNVD-201704-505 | date: | 2017-04-09T00:00:00 |
| db: | NVD | id: | CVE-2016-5070 | date: | 2017-04-10T03:59:01.733 |