CVE-2018-4063
CVE-2018-4063
In short
The Sierra Wireless AirLink ES450 device allows authenticated users to upload files that can be executed on the webserver, potentially giving attackers complete control of the device.
Technical detail
An authenticated attacker can exploit improper file upload validation in upload.cgi to upload and execute arbitrary code on the webserver. The vulnerability requires prior authentication and affects firmware version 4.9.3, enabling remote code execution with high impact.
Summary generated and translated by AI from the official description.
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Sierra Wirelesspublic PoCs found — 1
cve_referencepacketstormsecurity.com/files/152648/Sierra-Wireless-AirLink-ES450-ACEManager-upload.cgi-Remote-Code-Execution.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/152648/Sierra-Wireless-AirLink-ES450-ACEManager-upload.cgi-Remote-Code-Execution.htmlhttps://ics-cert.us-cert.gov/advisories/ICSA-19-122-03https://talosintelligence.com/vulnerability_reports/TALOS-2018-0748https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-4063https://www.forescout.com/blog/ot-network-security-threats-industrial-routers-under-attack/http://www.securityfocus.com/bid/108147