CVE-2018-10251Missing Authorization in Aleos

CWE-862Missing AuthorizationCWE-1188Initialization of a Resource with an Insecure Default2 documents2 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 76.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sierrawireless Aleos
Timeline
PublishedMay 4
Latest updateMay 13

Description

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDsierrawireless/aleos< 4.4.7+1

🔴Vulnerability Details

1
GHSA
GHSA-fwv8-jff3-8mm6: A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 42022-05-13
CVE-2018-10251 — Missing Authorization in Aleos | cvebase