Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4066 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being requested through an authenticated user. An attacker can get an authenticated user to request authenticated pages on the attacker's behalf to trigger this vulnerability. | |||||
| CVE-2018-4065 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability. | |||||
| CVE-2018-4064 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2018-4063 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2018-4062 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability. | |||||
| CVE-2018-4061 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability. | |||||