Back to KEVs

CVE-2018-4063

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially...

Basic Information

CVE State
PUBLISHED
Reserved Date
January 02, 2018
Published Date
May 06, 2019
Last Updated
May 22, 2026
Vendor
n/a
Product
Sierra Wireless
Description
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Tags
cisa

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

9.0

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2026-06-01 10:46:08 UTC) Source

References

http://packetstormsecurity.com/files/152648/Sierra-Wireless-AirLink-ES450-ACEManager-upload.cgi-Remote-Code-Execution.html https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03 http://www.securityfocus.com/bid/108147 https://talosintelligence.com/vulnerability_reports/TALOS-2018-0748

Known Exploited Vulnerability Information

Source Added Date
CVE 2026-06-01 10:46:08 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel