CVE-2018-4064
HIGH
Sierra Wireless AirLink ES450 Firmware 4.9.3 - Authenticated Unverified Password Change via ACEManager upload.cgi
Title source: llm
Description
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0749
Scores
CVSS v3
7.1
EPSS
0.1611
EPSS Percentile
96.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Details
CWE
CWE-287
Status
published
Products (1)
sierrawireless/airlink_es450_firmware
4.9.3
Published
Oct 31, 2019
Tracked Since
Feb 18, 2026