Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 04/05/2018 Updated: 13/06/2018

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware prior to 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware prior to 4.9 could allow an authenticated remote malicious user to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sierrawireless gx440_firmware
sierrawireless es440_firmware
sierrawireless ls300_firmware
sierrawireless gx400_firmware
sierrawireless es450_firmware
sierrawireless rv50_firmware
sierrawireless rv50x_firmware
sierrawireless mp70_firmware
sierrawireless mp70e_firmware
sierrawireless gx450_firmware

CWE-20 https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/swi-psa-2018-003-technical-bulletin-reaper/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-15043

Vulnerability Summary

References

Vulmon Search

About

Products

Connect