CVE-2013-2819
Severity CVSS v4.0:
Pending analysis
Type:
CWE-255
Credentials Management
Publication date:
15/01/2014
Last modified:
11/04/2025
Description
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.
Impact
Base Score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:sierrawireless:raven_x_ev-do_firmware:4221_4.0.11.003:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sierrawireless:raven_x_ev-do_firmware:4228_4.0.11.003:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_mp_at\&t:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_mp_at\&t_wifi:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_mp_bell:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_mp_bell_wifi:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_mp_row:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_mp_row_wifi:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_mp_sprint:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_mp_sprint_wifi:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_mp_telus:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_mp_telus_wifi:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_mp_verizon:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_mp_verizon_wifi:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:pinpoint_x:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://ics-cert.us-cert.gov/advisories/ICSA-14-007-01A
- http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf
- http://ics-cert.us-cert.gov/advisories/ICSA-14-007-01A
- http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf