CVE-2016-10313 in Air:Link 3G

Summary

by MITRE

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct CSRF attacks via certain /goform/* pages.


Analysis

by VulDB Data Team • 08/25/2020

The CVE-2016-10313 vulnerability affects three devices manufactured by Jensen of Scandinavia AS: the Air:Link 3G version 2.23m (Rev. 3), the Air:Link 5000AC version 1.13, and the Air:Link 59300 version 1.04 (Rev. 4). These industrial networking devices serve as critical communication endpoints for various IoT and industrial applications, making them attractive targets for cyber adversaries seeking to compromise network infrastructure. The vulnerability resides in the web-based management interfaces of these devices, which are accessible over HTTP and provide administrative control over device configuration and operation.

The technical flaw manifests as a lack of proper Cross-Site Request Forgery (CSRF) protection mechanisms within the affected devices' web interfaces. The vulnerable /goform/* pages do not implement anti-CSRF tokens or other validation mechanisms to verify that requests originate from legitimate administrative sessions. This allows remote attackers to craft malicious web pages or exploit existing network conditions that can trick authenticated users into performing unintended administrative actions on the affected devices. The absence of CSRF protection means that any user with valid credentials who visits a malicious website or clicks on a crafted link could inadvertently execute administrative commands without their knowledge or consent.
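Because the /goform/* handlers perform no origin validation themselves, a defender can apply that check to traffic records instead. The following is an added example, not code from the advisory or the vendor: it assumes a proxy in front of the management interface that logs the Host, Origin and Referer headers in a tab-separated layout, and the addresses and /goform/EXAMPLE_* paths are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample records (not real traffic), tab-separated:
# client, method, Host header, path, Origin, Referer ("-" means header absent).
# The /goform/EXAMPLE_* names are placeholders, not real device endpoints.
SAMPLE_LOG = "\n".join([
    "10.0.0.5\tPOST\t192.0.2.10\t/goform/EXAMPLE_SAVE\thttp://192.0.2.10\thttp://192.0.2.10/admin.html",
    "10.0.0.5\tPOST\t192.0.2.10\t/goform/EXAMPLE_SAVE\thttp://other-site.example\thttp://other-site.example/page.html",
    "10.0.0.7\tGET\t192.0.2.10\t/index.html\t-\t-",
    "10.0.0.7\tPOST\t192.0.2.10\t/goform/EXAMPLE_REBOOT\t-\t-",
    "10.0.0.8\tPOST\t192.0.2.10:80\t/goform/EXAMPLE_SAVE\tnull\t-",
])


def classify(record):
    """Label one record: ignored, same-site, cross-site or unverified."""
    client, method, host, path, origin, referer = record.split("\t")
    # Assumption: every /goform/ handler is treated as state-changing,
    # whatever the HTTP method, so the method field is not consulted.
    if not path.startswith("/goform/"):
        return "ignored"
    # Browsers send "Origin: null" for opaque origins such as sandboxed frames.
    if origin == "null":
        return "cross-site"
    # Prefer Origin; fall back to Referer when Origin is absent.
    source = next((v for v in (origin, referer) if v != "-"), None)
    if source is None:
        return "unverified"  # no header to judge by; review manually
    # Compare host names only; the "//" prefix lets urlsplit strip any port.
    target = urlsplit("//" + host).hostname
    return "same-site" if urlsplit(source).hostname == target else "cross-site"


def review(log_text):
    """Return (client, path, verdict) for each /goform/ request needing attention."""
    findings = []
    for record in log_text.splitlines():
        verdict = classify(record)
        if verdict in ("cross-site", "unverified"):
            client, _, _, path, _, _ = record.split("\t")
            findings.append((client, path, verdict))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The same comparison can be enforced rather than only logged if the proxy is able to reject requests before they reach the device.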

The operational impact of this vulnerability is significant for organizations relying on these devices for network connectivity and industrial control systems. An attacker who successfully exploits this vulnerability could modify device configurations, potentially disrupting network services, changing network parameters, or gaining unauthorized access to connected systems. The vulnerability enables attackers to perform actions such as changing network settings, modifying user accounts, updating firmware, or altering security configurations without detection. Given that these devices often serve as gateways between industrial networks and external connectivity, the compromise could lead to broader network infiltration or disruption of critical operations.

This vulnerability aligns with CWE-352, which specifically addresses Cross-Site Request Forgery weaknesses in web applications, and corresponds to ATT&CK technique T1071.004 for application layer protocol manipulation. The attack surface is particularly concerning for industrial environments where these devices may be exposed to untrusted network segments or where user access controls are insufficient. Organizations should implement immediate mitigations including network segmentation to isolate these devices from untrusted networks, disabling unnecessary web management interfaces, and ensuring that administrative access is restricted to trusted network zones. Regular firmware updates and security assessments of industrial network equipment remain critical defensive measures against similar vulnerabilities in operational technology environments.

Reservation

04/03/2017

Disclosure

04/03/2017

Moderation

accepted

Entry

VDB-99239

CPE

ready

EPSS

0.00204

KEV

no

Activities

very low

Sources
