CVE-2018-4061

Name of the Vulnerable Software and Affected Versions Sierra Wireless AirLink ES450 FW version 4.9.3

Description A command injection issue exists in the ACEManager iplogging.cgi functionality. This allows an attacker to inject arbitrary commands through a specially crafted HTTP request, resulting in arbitrary command execution. An attacker can trigger this issue by sending an authenticated HTTP request.

Recommendations For Sierra Wireless AirLink ES450 FW version 4.9.3, consider restricting access to the iplogging.cgi functionality until a patch is available. As a temporary workaround, limit the ability to send authenticated HTTP requests to minimize the risk of exploitation.