Vulnerabilities > Sierrawireless > Airlink Es450 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2019-10-31 CVE-2018-4064 Improper Authentication vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-287
7.1
7.1
2019-05-06 CVE-2018-4073 Incorrect Permission Assignment for Critical Resource vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-732
8.8
8.8
2019-05-06 CVE-2018-4072 Incorrect Permission Assignment for Critical Resource vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-732
8.8
8.8
2019-05-06 CVE-2018-4071 Information Exposure vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-200
8.8
8.8
2019-05-06 CVE-2018-4070 Information Exposure vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-200
8.8
8.8
2019-05-06 CVE-2018-4066 Cross-Site Request Forgery (CSRF) vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-352
8.8
8.8
2019-05-06 CVE-2018-4063 Unrestricted Upload of File with Dangerous Type vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-434
8.8
8.8
2019-05-06 CVE-2018-4062 Use of Hard-coded Credentials vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3.
network
high complexity
sierrawireless CWE-798
8.1
8.1
2019-05-06 CVE-2018-4069 Information Exposure vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-200
7.5
7.5
2019-05-06 CVE-2018-4061 OS Command Injection vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-78
8.8
8.8