CVE-2018-10251
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.
Affected (2)
Products: Sierrawireless: Aleos
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.4.7 |
| Running on/with | Platform Versions |
|---|---|
Sierrawireless Es440 | All versions |
Sierrawireless Gx400 | All versions |
Sierrawireless Gx440 | All versions |
Sierrawireless Ls300 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.9.3 |
| Running on/with | Platform Versions |
|---|---|
Sierrawireless Es450 | All versions |
Sierrawireless Gx450 | All versions |
Sierrawireless Mp70 | All versions |
Sierrawireless Mp70e | All versions |
Sierrawireless Rv50 | All versions |
Sierrawireless Rv50x | All versions |
Related CWEs
CWE-1188
Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
References (2)
Source: cve@mitre.org
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Timeline
No history available yet.