Hard-Coded Credentials Vulnerability in Sierra Wireless AirLink ES450 Network Device
CVE-2018-4062

8.1HIGH

Key Information:

Vendor

Sierrawireless

Status
Sierra Wireless
Vendor
CVE Published:
6 May 2019

What is CVE-2018-4062?

A vulnerability exists in the SNMPD function of the Sierra Wireless AirLink ES450 device running firmware version 4.9.3, where hard-coded credentials can be exploited. This issue arises when SNMPD is activated outside of the web user interface, allowing unauthorized access to privileged user credentials without requiring any configuration changes. It poses significant risk as malicious actors can trigger this vulnerability easily, potentially compromising the security of sensitive network operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Sierra Wireless Sierra Wireless AirLink ES450 FW 4.9.3

References

http://packetstormsecurity.com/files/152647/Sierra-Wirele...
x_refsource_MISC
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
x_refsource_MISC
http://www.securityfocus.com/bid/108147
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.