PT-2016-3200 · Airlink · Air:Link 59300+2

Published: 2016-12-26 · Updated: 2017-04-10 · CVE-2016-10312

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Air:Link 3G (AL3G) version 2.23m (Rev. 3)
Air:Link 5000AC (AL5000AC) version 1.13
Air:Link 59300 (AL59300) version 1.04 (Rev. 4)

Description

The management interface of the AirLink router firmware does not sanitize input data. A remote attacker can exploit this to execute arbitrary commands by using shell metacharacters on certain pages, such as the "/goform/*" pages.

Recommendations

For Air:Link 3G (AL3G) version 2.23m (Rev. 3), update to a version that addresses the shell metacharacter injection in /goform/* pages.
For Air:Link 5000AC (AL5000AC) version 1.13, update to a version that addresses the shell metacharacter injection in /goform/* pages.
For Air:Link 59300 (AL59300) version 1.04 (Rev. 4), update to a version that addresses the shell metacharacter injection in /goform/* pages.

As a temporary workaround, consider restricting access to the /goform/* pages until a patch is available.

Exploit

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2017-02464
CVE-2016-10312

Affected Products

Air:Link 3G
Air:Link 5000AC
Air:Link 59300