CVE-2018-4064
Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Se presenta una vulnerabilidad de cambio de contraseña no comprobado explotable en la funcionalidad ACEManager upload.cgi de Sierra Wireless AirLink ES450 FW versión 4.9.3. Una petición HTTP especialmente diseñada puede causar un cambio no comprobado en la configuración del dispositivo, resultando en un cambio no comprobado de la contraseña del usuario en el dispositivo. Un atacante puede llevar a cabo una petición HTTP autenticada para activar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-02 CVE Reserved
- 2019-04-26 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0749 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sierrawireless Search vendor "Sierrawireless" | Airlink Es450 Firmware Search vendor "Sierrawireless" for product "Airlink Es450 Firmware" | 4.9.3 Search vendor "Sierrawireless" for product "Airlink Es450 Firmware" and version "4.9.3" | - |
Affected
| in | Sierrawireless Search vendor "Sierrawireless" | Airlink Es450 Search vendor "Sierrawireless" for product "Airlink Es450" | - | - |
Safe
|