CVE-2016-10273

Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary code or crash the web service via the (1) ateFunc, (2) ateGain, (3) ateTxCount, (4) ateChan, (5) ateRate, (6) ateMacID, (7) e2pTxPower1, (8) e2pTxPower2, (9) e2pTxPower3, (10) e2pTxPower4, (11) e2pTxPower5, (12) e2pTxPower6, (13) e2pTxPower7, (14) e2pTx2Power1, (15) e2pTx2Power2, (16) e2pTx2Power3, (17) e2pTx2Power4, (18) e2pTx2Power5, (19) e2pTx2Power6, (20) e2pTx2Power7, (21) ateTxFreqOffset, (22) ateMode, (23) ateBW, (24) ateAntenna, (25) e2pTxFreqOffset, (26) e2pTxPwDeltaB, (27) e2pTxPwDeltaG, (28) e2pTxPwDeltaMix, (29) e2pTxPwDeltaN, and (30) readE2P parameters of the /goform/formWlanMP endpoint.
References
Link Resource
https://www.riskbasedsecurity.com/research/RBS-2016-004.pdf Technical Description Third Party Advisory
https://www.riskbasedsecurity.com/research/RBS-2016-004.pdf Technical Description Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:jensenofscandinavia:air\:link_3g_firmware:2.23m:rev3:*:*:*:*:*:*
cpe:2.3:h:jensenofscandinavia:air\:link_3g:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:jensenofscandinavia:air\:link_5000ac_firmware:1.13:*:*:*:*:*:*:*
cpe:2.3:h:jensenofscandinavia:air\:link_5000ac:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:jensenofscandinavia:air\:link_59300_firmware:1.04:rev4:*:*:*:*:*:*
cpe:2.3:h:jensenofscandinavia:air\:link_59300:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:43

Type Values Removed Values Added
References () https://www.riskbasedsecurity.com/research/RBS-2016-004.pdf - Technical Description, Third Party Advisory () https://www.riskbasedsecurity.com/research/RBS-2016-004.pdf - Technical Description, Third Party Advisory

Information

Published : 2017-03-26 05:59

Updated : 2024-11-21 02:43


NVD link : CVE-2016-10273

Mitre link : CVE-2016-10273

CVE.ORG link : CVE-2016-10273


JSON object : View

Products Affected

jensenofscandinavia

  • air\
CWE
CWE-787

Out-of-bounds Write