CVE-2016-10042

Published: Jun 29, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure.

Affected (1)

Products: Arcadyan: Swisscom Internet Box Firmware

1 product

Swisscom Internet Box Firmware

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Arcadyan Swisscom Internet Box Firmware	All versions

Running on/with	Platform Versions
Arcadyan Swisscom Internet Box	All versions
Arcadyan Swisscom Internet Box	All versions
Arcadyan Swisscom Internet Box	All versions

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2016-10042.txt

Source: cve@mitre.org

Vendor Advisory

https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2016-10042.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.