Command Injection Vulnerability in Sierra Wireless AirLink ES450 FW 4.9.3

Command Injection Vulnerability in Sierra Wireless AirLink ES450 FW 4.9.3

CVE-2018-4061 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.

Learn more about our Wireless Penetration Test.