Total: 26 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-4065 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected JavaScript code execution, resulting in the execution of JavaScript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability. | |||||
CVE-2018-4064 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2018-4063 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2018-4062 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability. | |||||
CVE-2018-4061 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2015-2897 | 1 Sierrawireless | 6 Airlink Es440, Airlink Es450, Airlink Gx440 and 3 more | 2024-11-21 | 10.0 HIGH | N/A |
Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session. | |||||