TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2018-4063

HIGHCISA KEV
8.8

Beschreibung

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE Details

CVSS v3.1 Bewertung8.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht5/6/2019
Zuletzt geandert12/15/2025
Quellekev
Honeypot-Sichtungen0

CISA KEV

HerstellerSierra Wireless
ProduktAirLink ALEOS
SchwachstellennameSierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability
KEV Aufnahmedatum2025-12-12
Behebungsfrist2026-01-02
Ransomware-NutzungUnknown

Betroffene Produkte

sierrawireless:airlink_es440sierrawireless:airlink_es450sierrawireless:airlink_gx400sierrawireless:airlink_gx440sierrawireless:airlink_gx450sierrawireless:airlink_ls300sierrawireless:airlink_lx40sierrawireless:airlink_lx60sierrawireless:airlink_mp70sierrawireless:airlink_mp70esierrawireless:airlink_rv50sierrawireless:airlink_rv50xsierrawireless:aleos

Schwachen (CWE)

CWE-434CWE-434

Referenzen

http://packetstormsecurity.com/files/152648/Sierra-Wireless-AirLink-ES450-ACEManager-upload.cgi-Remote-Code-Execution.html(talos-cna@cisco.com)
http://www.securityfocus.com/bid/108147(talos-cna@cisco.com)
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03(talos-cna@cisco.com)
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0748(talos-cna@cisco.com)
http://packetstormsecurity.com/files/152648/Sierra-Wireless-AirLink-ES450-ACEManager-upload.cgi-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/108147(af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03(af854a3a-2127-422b-91ae-364da2661108)
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0748(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-4063(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.forescout.com/blog/ot-network-security-threats-industrial-routers-under-attack/(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.