CVE-2018-4073
HIGHSierrawireless Airlink Es450 Firmware - Incorrect Permission Assignment
Title source: ruleDescription
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/Embeded_Ace_TLSet_Task.cgi is a very similar endpoint that is designed for use with setting table values that can cause an arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0756
Scores
CVSS v3
8.8
EPSS
0.3626
EPSS Percentile
97.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (1)
sierrawireless/airlink_es450_firmware
4.9.3
Published
May 06, 2019
Tracked Since
Feb 18, 2026