CVE-2016-10098

An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/96129
https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/	Press/Media Coverage Third Party Advisory URL Repurposed

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sendquick:entera_sms_gateway_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sendquick:entera_sms_gateway:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sendquick:avera_sms_gateway_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sendquick:avera_sms_gateway:-:*:*:*:*:*:*:*

History

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~(MISC) https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/ - Press/Media Coverage, Third Party Advisory~~	(MISC) https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/ - Press/Media Coverage, Third Party Advisory, URL Repurposed

Information

Published : 2017-02-05 18:59

Updated : 2024-02-28 15:44

NVD link : CVE-2016-10098

Mitre link : CVE-2016-10098

CVE.ORG link : CVE-2016-10098

JSON object : View

Products Affected

sendquick

entera_sms_gateway
avera_sms_gateway
entera_sms_gateway_firmware
avera_sms_gateway_firmware

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2016-10098", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-02-05T18:59:00.133", "references": [{"url": "http://www.securityfocus.com/bid/96129", "source": "cve@mitre.org"}, {"url": "https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/", "tags": ["Press/Media Coverage", "Third Party Advisory", "URL Repurposed"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en dispositivos SendQuick Entera y Avera en versiones anteriores a 2HF16. M\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos permiten a atacantes ejecutar comandos arbitrarios en el sistema."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sendquick:entera_sms_gateway_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9649AFA2-5306-4888-8335-DDBCCDABA57B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sendquick:entera_sms_gateway:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7501D6BC-A349-40DB-98DF-0047FEA3F82A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sendquick:avera_sms_gateway_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EF5B6E4-D97A-4B9B-8219-76357BE2BF51"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sendquick:avera_sms_gateway:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A9176344-BE46-48F4-A5C4-109184E37D0B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}