CVE-2018-4063
published 2019-05-06

Priority: P1 87 (high)
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
KEV: CISA Known Exploited Vulnerability, due 2026-01-02
ITW: Exploited in the wild
EPSS: 28.06% (97.9th percentile)
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Affected (3 ranges)

Vendor          Product   Version range   Fixed in
sierrawireless  aleos     < 4.4.9         4.4.9
sierrawireless  aleos     < 4.11.0        4.11.0
sierrawireless  aleos     < 4.9.4         4.9.4

Detection & IOCs (extracted from sources)

path: /upload.cgi
  • Monitor for authenticated HTTP requests targeting the upload.cgi endpoint on Sierra Wireless AirLink ES450 devices, particularly those uploading executable file types.
  • Uploaded executable files become routable/accessible via the webserver; hunt for unexpected executable files served from the device's web root following upload.cgi requests.
  • Exploitation requires authentication; unauthenticated access alone is insufficient to trigger the vulnerability. Detection should account for valid session credentials being used.
  • The affected firmware version is specifically 4.9.3 on the Sierra Wireless AirLink ES450. Devices on other firmware versions may not be confirmed vulnerable.
  • The impacted product may be end-of-life/end-of-service; patches may not be available and device retirement should be considered.

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.1     8.8    HIGH      CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd        v2.0     9.0    CRITICAL  AV:N/AC:L/Au:S/C:C/I:C/A:C
vulncheck           8.8    HIGH
cisa                8.8    HIGH