CVE-2018-4067
published 2019-05-06CVE-2018-4067: An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A…
PriorityP339medium6.5CVSS 3.0
AVNACLPRLUINSUCHINAN
EPSS
4.13%
89.6th percentile
An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sierrawireless | airlink_es450_firmware | — | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q6wp-52wj-895x: An exploitable information disclosure vulnerability exists in the ACEManager template_load
ghsa_unreviewed·2022-05-24
CVE-2018-4067 [MEDIUM] CWE-200 GHSA-q6wp-52wj-895x: An exploitable information disclosure vulnerability exists in the ACEManager template_load
An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CISA ICS
Sierra Wireless AirLink ALEOS (Update B)
cisa_ics·2019-08-20·CVSS 8.8
[HIGH] Sierra Wireless AirLink ALEOS (Update B)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Sierra Wireless AirLink ALEOS (Update B)
Last RevisedApril 23, 2020
Alert CodeICSA-19-122-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.1
- ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
- Vendor: Sierra Wireless
- Equipment: AirLink ALEOS
- Vulnerabilities: OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Cross-site Request Forgery, Information Exposure, Missing Encryption of Sensitive Data
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the origi
No detection rules found.
No public exploits indexed.
Talos
The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter
blogs_talos·2023-08-02
The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter
## The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter
Since the discovery of the widespread VPNFilter malware in 2018 , Cisco Talos researchers have been researching vulnerabilities in small and home office (SOHO) and industrial routers.
During that research, Talos has worked with vendors to report and mitigate these vulnerabilities, totaling 141 advisories covering 289 CVEs across multiple routers.
Talos is highlighting some of the major issues our researchers discovered over the past several years, including vulnerabilities that an attacker could mostly directly access or those an adversary could chain together to gain elevated access to the devices.
There are several Snort rules that can detect possible exploitation of the vulnerabilitie
Talos
The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter
blogs_talos·2023-08-02
The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter
- Since the discovery of the widespread VPNFilter malware in 2018, Cisco Talos researchers have been researching vulnerabilities in small and home office (SOHO) and industrial routers.
- During that research, Talos has worked with vendors to report and mitigate these vulnerabilities, totaling 141 advisories covering 289 CVEs across multiple routers.
- Talos is highlighting some of the major issues our researchers discovered over the past several years, including vulnerabilities that an attacker could mostly directly access or those an adversary could chain together to gain elevated access to the devices.
- There are several Snort rules that can detect possible exploitation of the vulnerabilities included in this post.
Small office/home office (SOHO) routers and small-scale industrial rout
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450
blogs_talos·2019-04-25·CVSS 8.8
[HIGH] Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450
## Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450
Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws present a number of attack vectors for a malicious actor, and could allow them to remotely execute code on the victim machine, change the administrator’s password and expose user credentials, among other scenarios. The majority of these vulnerabilities exist in ACEManager, the web server included with the ES450. ACEManager is responsible for the majority of interactions on the device, including device reconfiguration, user authentication and certificate management. In accordance with our coordinated disc
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450
blogs_talos·2019-04-25·CVSS 8.8
[HIGH] Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450
Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws present a number of attack vectors for a malicious actor, and could allow them to remotely execute code on the victim machine, change the administrator’s password and expose user credentials, among other scenarios. The majority of these vulnerabilities exist in ACEManager, the web server included with the ES450. ACEManager is responsible for the majority of interactions on the device, including device reconfiguration, user authentication and certificate management.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Sierra Wireless to ensure that these issues are
http://packetstormsecurity.com/files/152652/Sierra-Wireless-AirLink-ES450-ACEManager-template_load.cgi-Information-Disclosure.htmlhttp://www.securityfocus.com/bid/108147https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03https://talosintelligence.com/vulnerability_reports/TALOS-2018-0752http://packetstormsecurity.com/files/152652/Sierra-Wireless-AirLink-ES450-ACEManager-template_load.cgi-Information-Disclosure.htmlhttp://www.securityfocus.com/bid/108147https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03https://talosintelligence.com/vulnerability_reports/TALOS-2018-0752
2019-05-06
Published