PT-2019-10793 · Sierra Wireless · Sierra Wireless Airlink Es450

Carl Hurd +1 · Published 2019-05-06 · Updated 2019-05-07 · CVE-2018-4066

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Sierra Wireless AirLink ES450 FW version 4.9.3

Description: A cross-site request forgery issue exists in the ACEManager functionality. This allows an attacker to trick an authenticated user into making unintended requests, potentially leading to unauthorized access. The attacker can exploit this to get an authenticated user to request pages on their behalf.

Recommendations: For Sierra Wireless AirLink ES450 FW version 4.9.3, consider implementing additional validation for HTTP requests to prevent unauthorized access until a patch is available. As a temporary workaround, restrict access to the ACEManager functionality to minimize the risk of exploitation.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2018-4066

Affected Products

Sierra Wireless Airlink Es450