An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2019-05-06T18:00:11
Updated: 2019-05-07T19:13:02
Reserved: 2018-01-02T00:00:00
Link: CVE-2018-4061
JSON object: View
NVD Information
Status : Modified
Published: 2019-05-06T18:29:00.367
Modified: 2019-05-07T20:29:00.657
Link: CVE-2018-4061
JSON object: View
Redhat Information
No data.
CWE