CVE-2018-4068

MEDIUM

Sierra Wireless AirLink ES450 Firmware 4.9.3 - Unauthenticated Exposure of Sensitive Information via ACEManager

Title source: llm
STIX 2.1

Description

An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this vulnerability.

References (1)

Core 1
Core References

Scores

CVSS v3 5.3
EPSS 0.1140
EPSS Percentile 95.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
sierrawireless/airlink_es450_firmware 4.9.3
Published May 06, 2019
Tracked Since Feb 18, 2026