Lucene search
TalosCVELIST:CVE-2018-4064HistoryOct 31, 2019 - 8:24 p.m.
CVE-2018-4064
2019-10-3120:24:12
talos
www.cve.org
6
EPSS
0.002
Percentile
61.9%
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CNA Affected
[
{
"product": "Sierra Wireless",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Sierra Wireless AirLink ES450 FW 4.9.3"
}
]
}
]Related
packetstorm
packetstorm
nvd
nvd
CVE-2018-4064
2019-10-31 21:15:12
cve
cve
CVE-2018-4064
2019-10-31 21:15:12
prion
prion
Cross site request forgery (csrf)
2019-10-31 21:15:00
talos
talos
zdt
zdt
talosblog
talosblog
threatpost
threatpost
Critical Flaws in Sierra Wireless 5G Gateway Allow RCE, Command Injection
2019-04-26 16:12:06