Vulnerability Description
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sierrawireless | Raven X Ev-Do Firmware | 4221_4.0.11.003 |
| Sierrawireless | Airlink Mp At\&T | - |
| Sierrawireless | Airlink Mp At\&T Wifi | - |
| Sierrawireless | Airlink Mp Bell | - |
| Sierrawireless | Airlink Mp Bell Wifi | - |
| Sierrawireless | Airlink Mp Row | - |
| Sierrawireless | Airlink Mp Row Wifi | - |
| Sierrawireless | Airlink Mp Sprint | - |
| Sierrawireless | Airlink Mp Sprint Wifi | - |
| Sierrawireless | Airlink Mp Telus | - |
| Sierrawireless | Airlink Mp Telus Wifi | - |
| Sierrawireless | Airlink Mp Verizon | - |
| Sierrawireless | Airlink Mp Verizon Wifi | - |
| Sierrawireless | Pinpoint X | - |
| Sierrawireless | Pinpoint Xt | - |
| Sierrawireless | Raven X | - |
| Sierrawireless | Raven X Ev-Do | - |
| Sierrawireless | Raven Xe | - |
| Sierrawireless | Raven Xt | - |
Related Weaknesses (CWE)
References
- http://ics-cert.us-cert.gov/advisories/ICSA-14-007-01AUS Government Resource
- http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20Vendor Advisory
- http://ics-cert.us-cert.gov/advisories/ICSA-14-007-01AUS Government Resource
- http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20Vendor Advisory
FAQ
What is CVE-2013-2820?
CVE-2013-2820 is a vulnerability with a CVSS score of 10.0 (HIGH). The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.
How severe is CVE-2013-2820?
CVE-2013-2820 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2820?
Check the references section above for vendor advisories and patch information. Affected products include: Sierrawireless Raven X Ev-Do Firmware, Sierrawireless Airlink Mp At\&T, Sierrawireless Airlink Mp At\&T Wifi, Sierrawireless Airlink Mp Bell, Sierrawireless Airlink Mp Bell Wifi.