An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: talos
Published: 2019-05-06T18:00:11
Updated: 2024-08-05T05:04:29.490Z
Reserved: 2018-01-02T00:00:00
Link: CVE-2018-4061
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-05-06T18:29:00.367
Modified: 2019-05-07T20:29:00.657
Link: CVE-2018-4061
Redhat
No data.