Vulnerabilities > Sierrawireless > Airlink Es450 Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-10-31 CVE-2018-4064 Improper Authentication vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-287
7.1
2019-05-06 CVE-2018-4073 Incorrect Permission Assignment for Critical Resource vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-732
8.8
2019-05-06 CVE-2018-4072 Incorrect Permission Assignment for Critical Resource vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-732
8.8
2019-05-06 CVE-2018-4071 Information Exposure vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-200
8.8
2019-05-06 CVE-2018-4070 Information Exposure vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-200
8.8
2019-05-06 CVE-2018-4067 Information Exposure vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-200
6.5
2019-05-06 CVE-2018-4066 Cross-Site Request Forgery (CSRF) vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-352
8.8
2019-05-06 CVE-2018-4065 Cross-site Scripting vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-79
6.1
2019-05-06 CVE-2018-4063 Unrestricted Upload of File with Dangerous Type vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-434
8.8
2019-05-06 CVE-2018-4062 Use of Hard-coded Credentials vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3.
network
high complexity
sierrawireless CWE-798
8.1