Airlink Raven Xt Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:sierra_wireless:airlink_raven_xt_firmware:-:*:*:*:*:*:*:*
part: o version: - update: *
| Vendor | Sierra Wireless (4dd8198e-e8a3-50cc-9902-1e1919098fb4) |
|---|---|
| Product | Airlink Raven Xt Firmware (3cc37d97-70b3-564b-a003-bae97b0c8e8d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-6046 |
vulnerable | 2026-06-08 05:09:50.449142 |
Details available
An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure.
Published: 2017-06-30T02:35:00.000Z
Updated: 2024-08-05T15:18:49.730Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-6044 |
vulnerable | 2026-06-08 05:09:50.448177 |
Details available
An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.
Published: 2017-06-30T02:35:00.000Z
Updated: 2024-08-05T15:18:49.645Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-6042 |
vulnerable | 2026-06-08 05:09:50.444666 |
Details available
A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.
Published: 2017-06-30T02:35:00.000Z
Updated: 2024-08-05T15:18:49.761Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.