CVE-2017-6042: CSRF
First published: Fri Jun 30 2017(Updated: )
A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sierra Wireless Airlink Raven Xe Firmware | <=- | |
| Sierra Wireless AirLink Raven XE | ||
| Sierra Wireless Airlink Raven Xt Firmware | ||
| Sierra Wireless Airlink Raven Xt |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sierra wireless
- canonical/sierra wireless airlink raven xe firmware
- version/sierra wireless airlink raven xe firmware/-
- canonical/sierra wireless airlink raven xe
- canonical/sierra wireless airlink raven xt firmware
- canonical/sierra wireless airlink raven xt