Remote Code Execution Vulnerability in Sierra Wireless Routers
CVE-2017-15043

8.8HIGH

Key Information:

Vendor: Sierrawireless
Status: Gx440 Firmware
Vendor: CVE Published:; 4 May 2018

🔔 Create Sierrawireless Vulnerability Alert

What is CVE-2017-15043?

A vulnerability in specific models of Sierra Wireless AirLink routers allows authenticated remote attackers to execute arbitrary code. This issue arises from insufficient input validation on user-controlled input within HTTP requests. By exploiting this flaw, an attacker with valid credentials could send a specially crafted request to gain full control over the router, including root privileges. Mitigation of this vulnerability is critical to prevent unauthorized access and potential abuse.

References

https://source.sierrawireless.com/resources/airlink/softw...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2018
Vulnerability Reserved
Oct 5, 2017