CVE-2015-2054

EUVD-2015-2167
CRLF injection vulnerability in export.cfg in the web-based administrative console for Sierra Wireless AirCard 760S, 762S, and 763S allows remote attackers to inject arbitrary headers via CRLF sequences in the save parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
sierra_wirelesssierra_wireless_aircard_760s
*
sierra_wirelesssierra_wireless_aircard_762s
*
sierra_wirelesssierra_wireless_aircard_763s
*
𝑥
= Vulnerable software versions
References
http://seclists.org/fulldisclosure/2015/Jan/58
http://www.securityfocus.com/bid/74875
http://seclists.org/fulldisclosure/2015/Jan/58
http://www.securityfocus.com/bid/74875