Lucene search
TalosCVELIST:CVE-2018-4066HistoryMay 06, 2019 - 6:38 p.m.
CVE-2018-4066
2019-05-0618:38:09
CWE-352
talos
www.cve.org
4
An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being requested through an authenticated user. An attacker can get an authenticated user to request authenticated pages on the attacker’s behalf to trigger this vulnerability.
CNA Affected
[
{
"product": "Sierra Wireless",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Sierra Wireless AirLink ES450 FW 4.9.3"
}
]
}
]Related
zdt
zdt
packetstorm
packetstorm
Sierra Wireless AirLink ES450 ACEManager Cross Site Request Forgery
2019-04-26 00:00:00
prion
prion
Cross site request forgery (csrf)
2019-05-06 19:29:00
nvd
nvd
CVE-2018-4066
2019-05-06 19:29:00
talos
talos
cve
cve
CVE-2018-4066
2019-05-06 19:29:00
threatpost
threatpost
Multiple Sierra Wireless AirLink Routers Open to Remote Code Execution
2019-05-03 14:36:25
Critical Flaws in Sierra Wireless 5G Gateway Allow RCE, Command Injection
2019-04-26 16:12:06
ics
ics
Sierra Wireless AirLink ALEOS (Update B)
2020-04-23 12:00:00
talosblog
talosblog