CVE-2018-4063

HIGH KEV

Sierra Wireless ALEOS < 4.4.9 - Authenticated Remote Code Execution via upload.cgi

Exploitation Summary

CVE-2018-4063 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 12, 2025.

Description

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Scores

CVSS v3: 8.8
EPSS: 0.0218
EPSS Percentile: 84.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total

Details

CISA KEV: 2025-12-12
VulnCheck KEV: 2025-12-11
ENISA EUVD: EUVD-2018-15849
CWE: CWE-434
Status: published
Products (2):
  None/Sierra Wireless Sierra Wireless AirLink ES450 FW 4.9.3
  sierrawireless/aleos < 4.4.9
Published: May 06, 2019
KEV Added: Dec 12, 2025
Tracked Since: Feb 18, 2026