PT-2017-7855 · Jensen Of Scandinavia · Air:Link 59300+2

Published: 2017-04-03 · Updated: 2017-04-10 · CVE-2016-10316

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3)
Jensen of Scandinavia AS Air:Link 5000AC (AL5000AC) version 1.13
Jensen of Scandinavia AS Air:Link 59300 (AL59300) version 1.04 (Rev. 4)

Description

The issue allows remote attackers to conduct Open Redirect attacks. This is achieved via the return-url parameter to the "/goform/formLogout" API endpoint.

Recommendations

For Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), consider disabling access to the /goform/formLogout endpoint until a patch is available.
For Jensen of Scandinavia AS Air:Link 5000AC (AL5000AC) version 1.13, restrict the use of the return-url parameter in the /goform/formLogout endpoint to minimize the risk of exploitation.
For Jensen of Scandinavia AS Air:Link 59300 (AL59300) version 1.04 (Rev. 4), avoid using the return-url parameter in the affected API endpoint until the issue is resolved.
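
One way to monitor for use of the return-url parameter while no patch is available, as an added example that is not part of the original advisory or the vendor's code. It assumes requests to the device are logged in common log format by a proxy or network sensor and that return-url arrives in the query string; the log lines, the /login.asp path and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

LOGOUT_PATH = "/goform/formLogout"   # endpoint named in the advisory
PARAM = "return-url"                 # parameter named in the advisory

def is_local_target(value: str) -> bool:
    """True only for a same-site path such as /login.asp (hypothetical path)."""
    # Browsers treat backslashes like slashes and drop tabs/newlines in URLs,
    # so normalise both before judging the value.
    cleaned = re.sub(r"[\t\r\n]", "", value.strip()).replace("\\", "/")
    if not cleaned.startswith("/") or cleaned.startswith("//"):
        return False  # absolute URL, scheme-relative URL, or bare host name
    parts = urlsplit(cleaned)
    return parts.scheme == "" and parts.netloc == ""

def flag_offsite_logout_redirects(log_lines):
    """Return (client, value) for logout requests whose return-url leaves the device."""
    hits = []
    request_re = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
    for line in log_lines:
        m = request_re.match(line)
        if not m:
            continue  # not a parsable request line
        client, target = m.groups()
        url = urlsplit(target)
        if url.path != LOGOUT_PATH:
            continue  # the parameter only matters on the affected endpoint
        # parse_qs percent-decodes values, so encoded targets are caught too.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not is_local_target(value):
                hits.append((client, value))
    return hits

# Constructed sample lines (not taken from a real device).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2017:10:00:00 +0000] "GET /goform/formLogout?return-url=/login.asp HTTP/1.1" 302 0',
    '192.0.2.11 - - [01/Jan/2017:10:00:05 +0000] "GET /goform/formLogout?return-url=http%3A%2F%2Fexample.invalid%2F HTTP/1.1" 302 0',
    '192.0.2.12 - - [01/Jan/2017:10:00:09 +0000] "GET /goform/formLogout?return-url=%2F%2Fexample.invalid HTTP/1.1" 302 0',
    '192.0.2.13 - - [01/Jan/2017:10:00:12 +0000] "GET /index.asp?return-url=http://example.invalid HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, value in flag_offsite_logout_redirects(SAMPLE_LOG):
        print(f"off-site logout redirect from {client}: {value}")
```

The same is_local_target check can serve as the allow rule in a filtering proxy placed in front of the device's management interface.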

Exploit

Fix

Open Redirect


Weakness Enumeration

Related Identifiers

CVE-2016-10316

Affected Products

Air:Link 3G
Air:Link 5000AC
Air:Link 59300