Find a vulnerability
Search criteria
5 vulnerabilities by SendQuick
VAR-201702-0485
Vulnerability from variot - Updated: 2025-04-20 23:35An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands. SendQuick Entera and Avera SMS Gateway Appliances are prone to a remote command-injection vulnerability. TalariaX SendQuick Entera and Avera are products of TalariaX Company in Singapore. The former is a web-based server management system, and the latter is a plug-and-play network monitoring system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0485",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "entera sms gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "sendquick",
"version": null
},
{
"model": "avera sms gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "sendquick",
"version": null
},
{
"model": "sendquick avera",
"scope": null,
"trust": 0.8,
"vendor": "talariax pte",
"version": null
},
{
"model": "sendquick avera",
"scope": "lt",
"trust": 0.8,
"vendor": "talariax pte",
"version": "2hf16"
},
{
"model": "sendquick entera",
"scope": null,
"trust": 0.8,
"vendor": "talariax pte",
"version": null
},
{
"model": "sendquick entera",
"scope": "lt",
"trust": 0.8,
"vendor": "talariax pte",
"version": "2hf16"
},
{
"model": "entera sms gateway 2hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "sendquick",
"version": "20141225"
},
{
"model": "avera sms gateway 2hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "sendquick",
"version": "20141225"
},
{
"model": "entera sms gateway 2hf16",
"scope": "ne",
"trust": 0.3,
"vendor": "sendquick",
"version": "20141225"
},
{
"model": "avera sms gateway 2hf16",
"scope": "ne",
"trust": 0.3,
"vendor": "sendquick",
"version": "20141225"
}
],
"sources": [
{
"db": "BID",
"id": "96129"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-809"
},
{
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:sendquick:avera_sms_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sendquick:avera_sms_gateway_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sendquick:entera_sms_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sendquick:entera_sms_gateway_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NianTech.",
"sources": [
{
"db": "BID",
"id": "96129"
}
],
"trust": 0.3
},
"cve": "CVE-2016-10098",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-10098",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-88840",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-10098",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10098",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-10098",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-809",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88840",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88840"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-809"
},
{
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands. SendQuick Entera and Avera SMS Gateway Appliances are prone to a remote command-injection vulnerability. TalariaX SendQuick Entera and Avera are products of TalariaX Company in Singapore. The former is a web-based server management system, and the latter is a plug-and-play network monitoring system",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10098"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"db": "BID",
"id": "96129"
},
{
"db": "VULHUB",
"id": "VHN-88840"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10098",
"trust": 2.8
},
{
"db": "BID",
"id": "96129",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-809",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88840",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88840"
},
{
"db": "BID",
"id": "96129"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-809"
},
{
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"id": "VAR-201702-0485",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88840"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:35:56.421000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "sendQuick Avera",
"trust": 0.8,
"url": "http://www.talariax.com/web/avera.html"
},
{
"title": "sendQuick Entera",
"trust": 0.8,
"url": "http://www.talariax.com/web/entera.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88840"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/96129"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10098"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-10098"
},
{
"trust": 0.3,
"url": "http://www.sendquick.com.au"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88840"
},
{
"db": "BID",
"id": "96129"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-809"
},
{
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88840"
},
{
"db": "BID",
"id": "96129"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-809"
},
{
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-88840"
},
{
"date": "2017-02-05T00:00:00",
"db": "BID",
"id": "96129"
},
{
"date": "2017-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"date": "2017-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-809"
},
{
"date": "2017-02-05T18:59:00.133000",
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88840"
},
{
"date": "2017-03-07T03:02:00",
"db": "BID",
"id": "96129"
},
{
"date": "2017-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001475"
},
{
"date": "2017-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-809"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-10098"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-809"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SendQuick Entera and Avera Multiple command insertion vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001475"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-809"
}
],
"trust": 0.6
}
}
VAR-201702-0689
Vulnerability from variot - Updated: 2025-04-20 23:22An issue was discovered on SendQuick Entera and Avera devices before 2HF16. The application failed to check the access control of the request which could result in an attacker being able to shutdown the system. SendQuick Entera & Avera SMS Gateway Appliances are prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. An authentication bypass vulnerability. An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions or cause denial-of-service conditions. TalariaX SendQuick Entera and Avera are products of TalariaX Company in Singapore. The former is a web-based server management system, and the latter is a plug-and-play network monitoring system. An attacker could exploit this vulnerability to shut down the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0689",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "entera sms gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "sendquick",
"version": null
},
{
"model": "avera sms gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "sendquick",
"version": null
},
{
"model": "sendquick avera",
"scope": null,
"trust": 0.8,
"vendor": "talariax pte",
"version": null
},
{
"model": "sendquick avera",
"scope": "lt",
"trust": 0.8,
"vendor": "talariax pte",
"version": "2hf16"
},
{
"model": "sendquick entera",
"scope": null,
"trust": 0.8,
"vendor": "talariax pte",
"version": null
},
{
"model": "sendquick entera",
"scope": "lt",
"trust": 0.8,
"vendor": "talariax pte",
"version": "2hf16"
},
{
"model": "entera sms gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "sendquick",
"version": "0"
},
{
"model": "avera sms gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "sendquick",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "96031"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001452"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-037"
},
{
"db": "NVD",
"id": "CVE-2017-5136"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:sendquick:avera_sms_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sendquick:avera_sms_gateway_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sendquick:entera_sms_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sendquick:entera_sms_gateway_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001452"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NianTech.",
"sources": [
{
"db": "BID",
"id": "96031"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5136",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5136",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-113339",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5136",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5136",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-5136",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-037",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-113339",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-5136",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113339"
},
{
"db": "VULMON",
"id": "CVE-2017-5136"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001452"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-037"
},
{
"db": "NVD",
"id": "CVE-2017-5136"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on SendQuick Entera and Avera devices before 2HF16. The application failed to check the access control of the request which could result in an attacker being able to shutdown the system. SendQuick Entera \u0026amp; Avera SMS Gateway Appliances are prone to the following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An authentication bypass vulnerability. \nAn attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions or cause denial-of-service conditions. TalariaX SendQuick Entera and Avera are products of TalariaX Company in Singapore. The former is a web-based server management system, and the latter is a plug-and-play network monitoring system. An attacker could exploit this vulnerability to shut down the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5136"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001452"
},
{
"db": "BID",
"id": "96031"
},
{
"db": "VULHUB",
"id": "VHN-113339"
},
{
"db": "VULMON",
"id": "CVE-2017-5136"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5136",
"trust": 2.9
},
{
"db": "BID",
"id": "96031",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001452",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-037",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-113339",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-5136",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113339"
},
{
"db": "VULMON",
"id": "CVE-2017-5136"
},
{
"db": "BID",
"id": "96031"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001452"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-037"
},
{
"db": "NVD",
"id": "CVE-2017-5136"
}
]
},
"id": "VAR-201702-0689",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-113339"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:22:30.469000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Entera",
"trust": 0.8,
"url": "http://www.sendquick.com.au/sqentera.html"
},
{
"title": "Avera",
"trust": 0.8,
"url": "http://www.sendquick.com.au/sqavera.html"
},
{
"title": "TalariaX SendQuick Entera and Avera Repair measures for device security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67425"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001452"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-037"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113339"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001452"
},
{
"db": "NVD",
"id": "CVE-2017-5136"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/96031"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5136"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5136"
},
{
"trust": 0.3,
"url": "http://www.sendquick.com.au"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/862.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113339"
},
{
"db": "VULMON",
"id": "CVE-2017-5136"
},
{
"db": "BID",
"id": "96031"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001452"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-037"
},
{
"db": "NVD",
"id": "CVE-2017-5136"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-113339"
},
{
"db": "VULMON",
"id": "CVE-2017-5136"
},
{
"db": "BID",
"id": "96031"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001452"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-037"
},
{
"db": "NVD",
"id": "CVE-2017-5136"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-113339"
},
{
"date": "2017-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5136"
},
{
"date": "2017-02-05T00:00:00",
"db": "BID",
"id": "96031"
},
{
"date": "2017-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001452"
},
{
"date": "2017-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-037"
},
{
"date": "2017-02-05T18:59:00.197000",
"db": "NVD",
"id": "CVE-2017-5136"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-113339"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5136"
},
{
"date": "2017-03-07T03:02:00",
"db": "BID",
"id": "96031"
},
{
"date": "2017-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001452"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-037"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-5136"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-037"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SendQuick Entera and Avera Device application system shutdown vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001452"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-037"
}
],
"trust": 0.6
}
}
VAR-201702-0690
Vulnerability from variot - Updated: 2025-04-20 23:22An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective. SendQuick Entera & Avera SMS Gateway Appliances are prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. An authentication bypass vulnerability. An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions or cause denial-of-service conditions. TalariaX SendQuick Entera and Avera are products of TalariaX Company in Singapore. The former is a web-based server management system, and the latter is a plug-and-play network monitoring system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0690",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "entera sms gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "sendquick",
"version": null
},
{
"model": "avera sms gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "sendquick",
"version": null
},
{
"model": "sendquick avera",
"scope": null,
"trust": 0.8,
"vendor": "talariax pte",
"version": null
},
{
"model": "sendquick avera",
"scope": "lt",
"trust": 0.8,
"vendor": "talariax pte",
"version": "2hf16"
},
{
"model": "sendquick entera",
"scope": null,
"trust": 0.8,
"vendor": "talariax pte",
"version": null
},
{
"model": "sendquick entera",
"scope": "lt",
"trust": 0.8,
"vendor": "talariax pte",
"version": "2hf16"
},
{
"model": "entera sms gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "sendquick",
"version": "0"
},
{
"model": "avera sms gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "sendquick",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "96031"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001476"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-036"
},
{
"db": "NVD",
"id": "CVE-2017-5137"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:sendquick:avera_sms_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sendquick:avera_sms_gateway_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sendquick:entera_sms_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sendquick:entera_sms_gateway_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001476"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NianTech.",
"sources": [
{
"db": "BID",
"id": "96031"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5137",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5137",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-113340",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2017-5137",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5137",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-5137",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-036",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-113340",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001476"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-036"
},
{
"db": "NVD",
"id": "CVE-2017-5137"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective. SendQuick Entera \u0026amp; Avera SMS Gateway Appliances are prone to the following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An authentication bypass vulnerability. \nAn attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions or cause denial-of-service conditions. TalariaX SendQuick Entera and Avera are products of TalariaX Company in Singapore. The former is a web-based server management system, and the latter is a plug-and-play network monitoring system",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5137"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001476"
},
{
"db": "BID",
"id": "96031"
},
{
"db": "VULHUB",
"id": "VHN-113340"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5137",
"trust": 2.8
},
{
"db": "BID",
"id": "96031",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001476",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-036",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-113340",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113340"
},
{
"db": "BID",
"id": "96031"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001476"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-036"
},
{
"db": "NVD",
"id": "CVE-2017-5137"
}
]
},
"id": "VAR-201702-0690",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-113340"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:22:30.439000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "sendQuick Avera",
"trust": 0.8,
"url": "http://www.talariax.com/web/avera.html"
},
{
"title": "sendQuick Entera",
"trust": 0.8,
"url": "http://www.talariax.com/web/entera.html"
},
{
"title": "TalariaX SendQuick Entera and Avera Repair measures for device security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67424"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001476"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-036"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001476"
},
{
"db": "NVD",
"id": "CVE-2017-5137"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/96031"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5137"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5137"
},
{
"trust": 0.3,
"url": "http://www.sendquick.com.au"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113340"
},
{
"db": "BID",
"id": "96031"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001476"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-036"
},
{
"db": "NVD",
"id": "CVE-2017-5137"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-113340"
},
{
"db": "BID",
"id": "96031"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001476"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-036"
},
{
"db": "NVD",
"id": "CVE-2017-5137"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-113340"
},
{
"date": "2017-02-05T00:00:00",
"db": "BID",
"id": "96031"
},
{
"date": "2017-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001476"
},
{
"date": "2017-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-036"
},
{
"date": "2017-02-05T18:59:00.227000",
"db": "NVD",
"id": "CVE-2017-5137"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-113340"
},
{
"date": "2017-03-07T03:02:00",
"db": "BID",
"id": "96031"
},
{
"date": "2017-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001476"
},
{
"date": "2017-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-036"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-5137"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-036"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SendQuick Entera and Avera Unauthenticated on device SMS Vulnerability that requires logging",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001476"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-036"
}
],
"trust": 0.6
}
}
CVE-2025-26312 (GCVE-0-2025-26312)
Vulnerability from nvd – Published: 2025-03-14 00:00 – Updated: 2025-03-18 14:11- CWE-472 - External Control of Assumed-Immutable Web Parameter
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T14:10:57.640271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T14:11:32.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Entera",
"vendor": "SendQuick",
"versions": [
{
"lessThan": "SQVM-20170813-11HF5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass by removing the Captcha parameter."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "CWE-472 External Control of Assumed-Immutable Web Parameter",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T15:42:39.909Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://medium.com/@retro.metro/cve-2025-26312-captcha-bypass-vulnerability-in-sendquick-entera-devices-68708e203216"
},
{
"url": "https://www.sendquick.com/products/sendquick-entera/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-26312",
"datePublished": "2025-03-14T00:00:00.000Z",
"dateReserved": "2025-02-07T00:00:00.000Z",
"dateUpdated": "2025-03-18T14:11:32.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26312 (GCVE-0-2025-26312)
Vulnerability from cvelistv5 – Published: 2025-03-14 00:00 – Updated: 2025-03-18 14:11- CWE-472 - External Control of Assumed-Immutable Web Parameter
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T14:10:57.640271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T14:11:32.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Entera",
"vendor": "SendQuick",
"versions": [
{
"lessThan": "SQVM-20170813-11HF5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass by removing the Captcha parameter."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "CWE-472 External Control of Assumed-Immutable Web Parameter",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T15:42:39.909Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://medium.com/@retro.metro/cve-2025-26312-captcha-bypass-vulnerability-in-sendquick-entera-devices-68708e203216"
},
{
"url": "https://www.sendquick.com/products/sendquick-entera/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-26312",
"datePublished": "2025-03-14T00:00:00.000Z",
"dateReserved": "2025-02-07T00:00:00.000Z",
"dateUpdated": "2025-03-18T14:11:32.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}