CVE-2017-15043

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.

Data is provided by the National Vulnerability Database (NVD)
Sierrawireless Gx440 Firmware Version < 4.4.5
   Sierrawireless Gx440 Version -
Sierrawireless Es440 Firmware Version < 4.4.5
   Sierrawireless Es440 Version -
Sierrawireless Ls300 Firmware Version < 4.4.5
   Sierrawireless Ls300 Version -
Sierrawireless Gx400 Firmware Version < 4.4.5
   Sierrawireless Gx400 Version -
Sierrawireless Es450 Firmware Version < 4.9
   Sierrawireless Es450 Version -
Sierrawireless Rv50 Firmware Version < 4.9
   Sierrawireless Rv50 Version -
Sierrawireless Rv50x Firmware Version < 4.9
   Sierrawireless Rv50x Version -
Sierrawireless Mp70 Firmware Version < 4.9
   Sierrawireless Mp70 Version -
Sierrawireless Mp70e Firmware Version < 4.9
   Sierrawireless Mp70e Version -
Sierrawireless Gx450 Firmware Version < 4.9
   Sierrawireless Gx450 Version -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.02% | 0.032
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov | 9 | 8 | 10 | AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.