An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2024-08-05T05:04:29.488Z

Reserved: 2018-01-02T00:00:00

Link: CVE-2018-4063

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-05-06T19:29:00.637

Modified: 2024-11-21T04:06:40.420

Link: CVE-2018-4063

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.