PT-2015-1723 · Sierra Wireless · Airlink Ls300 +3

Published 2015-08-03 · Updated 2015-08-11 · CVE-2015-2897

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Sierra Wireless AirLink GX450, AirLink ES440, AirLink GX440, AirLink LS300 versions prior to 4.4.2

Description

The issue is related to the presence of a hardcoded root account in the software of Sierra Wireless AirLink devices. This allows a remote attacker to gain administrative access to the device by establishing a connection via SSH or TELNET protocols.

Recommendations

For versions prior to 4.4.2, update the software to version 4.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to SSH and TELNET protocols until a patch is applied.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2015-11069
CVE-2015-2897

Affected Products

Airlink Es440
Airlink Gx440
Airlink Gx450
Airlink Ls300