Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2018-15848

Malware in sbrugna...

9.3CVSS8AI score0.05324EPSS
Exploits3References6
Prion
Prion
added 2019/10/31 9:15 p.m.21 views

Cross site request forgery (csrf)

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the...

5.5CVSS6.7AI score0.16106EPSS
Exploits3References1Affected Software1
Prion
Prion
added 2019/05/06 7:29 p.m.17 views

Remote code execution

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticat...

9CVSS8.8AI score0.27851EPSS
Exploits3References4Affected Software1
Prion
Prion
added 2019/05/06 7:29 p.m.18 views

Design/Logic Flaw

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...

6.5CVSS8.5AI score0.26556EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2019/05/06 6:50 p.m.53 views

CVE-2018-4067

CVE-2018-4067 is an information-disclosure vulnerability in the ACEManager template_load.cgi of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted authenticated HTTP request can cause a leak of internal file paths and files. The Red Hat and CNVD entries mirror the same description, and C...

6.5CVSS6.2AI score0.04132EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2019/05/06 6:38 p.m.31 views

CVE-2018-4066

An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being...

8.6AI score0.02188EPSS
Exploits3References4
Prion
Prion
added 2019/05/06 6:29 p.m.20 views

Information disclosure

An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to...

5CVSS7.3AI score0.04011EPSS
Exploits3References4Affected Software1
CVE
CVE
added 2019/05/06 6:28 p.m.54 views

CVE-2018-4062

CVE-2018-4062 affects Sierra Wireless AirLink ES450 FW 4.9.3, in the SNMPD function. Activating SNMPD outside of the WebUI can trigger hard-coded credentials, exposing a privileged user. Public documents confirm this vulnerability and indicate the issue is part of a broader set of AirLink flaws (...

9.3CVSS7.7AI score0.05324EPSS
Exploits3References4Affected Software1
CVE
CVE
added 2019/05/06 6:22 p.m.50 views

CVE-2018-4073

Concisely: CVE-2018-4073 affects Sierra Wireless AirLink ES450 (and related GX450) running FW 4.9.3, involving Embedded_Ace_Set_Task.cgi/Embedded_Ace_TLSet_Task.cgi in ACEManager. The flaw enables an authenticated user (or an attacker who can access via SSH) to perform arbitrary setting writes, e...

8.8CVSS8.5AI score0.25393EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2019/05/06 6:0 p.m.71 views

CVE-2018-4061

CVE-2018-4061 is an exploitable OS command injection in ACEManager iplogging.cgi of Sierra Wireless AirLink ES450 FW 4.9.3. An authenticated HTTP request can inject commands, enabling remote code execution (root) via mis-handling of the -z tcpdump flag in iplogging.cgi. Public advisories (Talos/T...

9CVSS8.7AI score0.19488EPSS
Exploits3References4Affected Software1
0day.today
0day.today
added 2019/04/30 12:0 a.m.95 views

Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure Exploit

An exploitable information disclosure vulnerability exists in the ACEManager templateload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an...

6.4AI score0.04132EPSS
Exploits3
0day.today
0day.today
added 2019/04/29 12:0 a.m.75 views

Sierra Wireless AirLink ES450 ACEManager Information Exposure Exploit

An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to...

0.4AI score0.04011EPSS
Exploits3
Rows per page
Query Builder