← All CVEs
CVE-2018-4063HIGH · 8.8TrackedCISA KEV
Sierra Wireless · AirLink ALEOS
Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Disclosed
2019-05-06
2591 days ago
Status
no honeypot capture yet
on CISA KEV — watching
7-day events
0
across 0 distinct IPs
7-day spread
0 ASN · 0 cty
0 active days
Top ASNs
No events captured yet.
Top countries
No events captured yet.
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-19-122-03
- https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003
- https://source.sierrawireless.com/resources/airlink/hardware_reference_docs/airlink_es450_eol
- https://nvd.nist.gov/vuln/detail/CVE-2018-4063