10
CVE-2018-10251
- EPSS 0.08%
- Veröffentlicht 04.05.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:41:06
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sierrawireless ≫ Aleos Version < 4.4.7
Sierrawireless ≫ Es440 Version-
Sierrawireless ≫ Gx400 Version-
Sierrawireless ≫ Gx440 Version-
Sierrawireless ≫ Ls300 Version-
Sierrawireless ≫ Gx400 Version-
Sierrawireless ≫ Gx440 Version-
Sierrawireless ≫ Ls300 Version-
Sierrawireless ≫ Aleos Version < 4.9.3
Sierrawireless ≫ Es450 Version-
Sierrawireless ≫ Gx450 Version-
Sierrawireless ≫ Mp70 Version-
Sierrawireless ≫ Mp70e Version-
Sierrawireless ≫ Rv50 Version-
Sierrawireless ≫ Rv50x Version-
Sierrawireless ≫ Gx450 Version-
Sierrawireless ≫ Mp70 Version-
Sierrawireless ≫ Mp70e Version-
Sierrawireless ≫ Rv50 Version-
Sierrawireless ≫ Rv50x Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.257 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-1188 Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.