CVE-2018-4068

Name of the Vulnerable Software and Affected Versions Sierra Wireless AirLink ES450 FW version 4.9.3

Description An information disclosure issue exists in the ACEManager functionality. It allows an attacker to send an unauthenticated HTTP request, potentially disclosing the default configuration for the device.

Recommendations For Sierra Wireless AirLink ES450 FW version 4.9.3, consider restricting access to the ACEManager functionality until a patch is available. As a temporary workaround, limit the exposure of the device to unauthenticated HTTP requests to minimize the risk of exploitation.