CVE-2015-2054

CRLF injection vulnerability in export.cfg in the web-based administrative console for Sierra Wireless AirCard 760S, 762S, and 763S allows remote attackers to inject arbitrary headers via CRLF sequences in the save parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
sierra_wirelesssierra_wireless_aircard_760s
*
sierra_wirelesssierra_wireless_aircard_762s
*
sierra_wirelesssierra_wireless_aircard_763s
*
𝑥
= Vulnerable software versions
References
http://seclists.org/fulldisclosure/2015/Jan/58
http://www.securityfocus.com/bid/74875
http://seclists.org/fulldisclosure/2015/Jan/58
http://www.securityfocus.com/bid/74875