Vulnerability Details CVE-2018-4062
A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.3%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 9.3
References
- http://packetstormsecurity.com/files/152647/Sierra-Wireless-AirLink-ES450-SNMPD-Hard-Coded-Credentials.html
- http://www.securityfocus.com/bid/108147
- https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0747
- http://packetstormsecurity.com/files/152647/Sierra-Wireless-AirLink-ES450-SNMPD-Hard-Coded-Credentials.html
- http://www.securityfocus.com/bid/108147
- https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0747
Products affected by CVE-2018-4062
-
cpe:2.3:h:sierrawireless:airlink_es450:-
-
cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3