CVE-2018-4070

Name of the Vulnerable Software and Affected Versions Sierra Wireless AirLink ES450 FW version 4.9.3

Description An Information Disclosure issue exists in the ACEManager EmbeddedAceGet Task.cgi functionality. This allows any authenticated user to send configuration changes using the "/cgi-bin/Embedded Ace Get Task.cgi" endpoint once the MSCIID is discovered.

Recommendations For Sierra Wireless AirLink ES450 FW version 4.9.3, consider restricting access to the "/cgi-bin/Embedded Ace Get Task.cgi" endpoint until a fix is available. Additionally, review configuration settings to minimize potential impact. At the moment, there is no information about a newer version that contains a fix for this vulnerability.