CVE-2018-4068
MEDIUMSierra Wireless AirLink ES450 Firmware 4.9.3 - Unauthenticated Exposure of Sensitive Information via ACEManager
Title source: llmDescription
An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this vulnerability.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0753
Scores
CVSS v3
5.3
EPSS
0.1140
EPSS Percentile
95.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
sierrawireless/airlink_es450_firmware
4.9.3
Published
May 06, 2019
Tracked Since
Feb 18, 2026