ACEManager template_load.cgi Information Disclosure Vulnerability

ACEManager template_load.cgi Information Disclosure Vulnerability

CVE-2018-4067 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Learn more about our Internal Network Penetration Testing.