PT-2018-5753 · Sierra Wireless · Sierra Wireless Airlink Rv50+5

Published: 2018-05-04 · Updated: 2018-06-13 · CVE-2017-15043

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers, versions prior to 4.4.5; Sierra Wireless AirLink GX450, ES450, RV50, RV50X, MP70, and MP70E routers, versions prior to 4.9
Description: The issue is caused by insufficient input validation on user-controlled input in an HTTP request to the targeted device. An authenticated remote attacker could exploit this by sending a crafted HTTP request to gain full control of an affected system, including issuing commands with root privileges.
Recommendations: For Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5, update to firmware version 4.4.5 or later. For Sierra Wireless AirLink GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9, update to firmware version 4.9 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-15043

Affected Products

Sierra Wireless Airlink Es440
Sierra Wireless Airlink Es450
Sierra Wireless Airlink Gx400
Sierra Wireless Airlink Ls300
Sierra Wireless Airlink Mp70
Sierra Wireless Airlink Rv50