CVE-2016-10316

EUVD-2016-1501
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the return-url parameter to /goform/formLogout.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
jensenofscandinaviaal3g_firmware
2.23m:m
jensenofscandinaviaal5000ac_firmware
1.13
jensenofscandinaviaal59300_firmware
1.04
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.riskbasedsecurity.com/research/RBS-2016-004.pdf
https://www.riskbasedsecurity.com/research/RBS-2016-004.pdf