CVE-2018-4064

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the...

CVE-2018-4069

An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to...

CVE-2018-4061

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP reque...

CVE-2018-4070

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send...

CVE-2018-4065

An exploitable cross-site scripting vulnerability exists in the ACEManager pingresult.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the...

CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation in the wild. CVE-2018-4063 CVSS score: 8.8/9.9 refers to...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2018-4063link is external Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability This type of vulnerability is a frequent...

Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability

Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger...

VulnCheck KEV: CVE-2018-4063

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticat...

EUVD-2020-3459

Malware in sbrugna...

EUVD-2013-2759

Malware in sbrugna...

EUVD-2017-15110

Malware in sbrugna...

EUVD-2018-15854

Malware in sbrugna...

EUVD-2018-15849

Malware in sbrugna...

EUVD-2018-15851

Malware in sbrugna...

EUVD-2017-15112

Malware in sbrugna...

EUVD-2018-15853

Malware in sbrugna...

EUVD-2018-15848

Malware in sbrugna...

EUVD-2017-15114

Malware in sbrugna...

EUVD-2018-15847

Malware in sbrugna...