A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware prior to 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware prior to 4.9 could allow an authenticated remote malicious user to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sierrawireless gx440_firmware |
||
sierrawireless es440_firmware |
||
sierrawireless ls300_firmware |
||
sierrawireless gx400_firmware |
||
sierrawireless es450_firmware |
||
sierrawireless rv50_firmware |
||
sierrawireless rv50x_firmware |
||
sierrawireless mp70_firmware |
||
sierrawireless mp70e_firmware |
||
sierrawireless gx450_firmware |