9.3
CVE-2018-4062
- EPSS 5.32%
- Veröffentlicht 06.05.2019 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:06:40
- CVE-Watchlists
- Unerledigt
A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sierrawireless ≫ Airlink Es450 Firmware Version4.9.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.32% | 0.916 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
http://www.securityfocus.com/bid/108147
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
http://packetstormsecurity.com/files/152647/Sierra-Wireless-AirLink-ES450-SNMPD-Hard-Coded-Credentials.html
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0747