PT-2015-1723 · Sierra Wireless · Airlink Ls300+3
Published: 2015-08-03 · Updated: 2015-08-11 · CVE-2015-2897
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Sierra Wireless AirLink GX450, AirLink ES440, AirLink GX440, AirLink LS300 versions prior to 4.4.2
Description
The software of Sierra Wireless AirLink devices contains a hardcoded root account. A remote attacker can use it to gain administrative access to the device by connecting over SSH or TELNET.
Recommendations
For versions prior to 4.4.2, update the software to version 4.4.2 or later to resolve the issue.
As a temporary workaround, consider restricting access to SSH and TELNET protocols until a patch is applied.
Fix
Information Disclosure
Related identifiers
Affected products
Airlink Es440
Airlink Gx440
Airlink Gx450
Airlink Ls300