Sierrawireless: >> Airlink Es450 Firmware >> 4.9.3 Security Vulnerabilities
An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this vulnerability.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-05-06
An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.
CVSS Score
7.5
EPSS Score
0.0
Published
2019-05-06
Page 2