CVE-2017-5136

Published: Feb 5, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered on SendQuick Entera and Avera devices before 2HF16. The application failed to check the access control of the request which could result in an attacker being able to shutdown the system.

Affected (2)

Products: Sendquick: Entera Sms Gateway Firmware, Avera Sms Gateway Firmware

Sendquick

2 products

Entera Sms Gateway Firmware

Avera Sms Gateway Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sendquick Entera Sms Gateway Firmware	All versions

Running on/with	Platform Versions
Sendquick Entera Sms Gateway	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sendquick Avera Sms Gateway Firmware	All versions

Running on/with	Platform Versions
Sendquick Avera Sms Gateway	All versions

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

http://www.securityfocus.com/bid/96031

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/

Source: cve@mitre.org

Third Party AdvisoryURL Repurposed

http://www.securityfocus.com/bid/96031

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryURL Repurposed

Timeline

No history available yet.