CVE-2018-4065

Name of the Vulnerable Software and Affected Versions Sierra Wireless AirLink ES450 FW version 4.9.3

Description A cross-site scripting issue exists in the ACEManager ping result.cgi functionality. This can be triggered by a specially crafted HTTP ping request, leading to the execution of javascript code on the victim's browser. An attacker can exploit this by getting a victim to click a link or embedded URL that redirects to the reflected cross-site scripting vulnerability.

Recommendations For Sierra Wireless AirLink ES450 FW version 4.9.3, consider restricting access to the ping result.cgi functionality until a fix is available. As a temporary workaround, avoid using the ACEManager ping result.cgi functionality to minimize the risk of exploitation.