Researchers at the Cisco Talos group disclosed a dozen vulnerabilities affecting Sierra Wireless AirLink gateways and routers, including several serious flaws. Some of the flaws could be exploited to execute arbitrary code, modify passwords, and change system settings.
Sierra Wireless AirLink gateways and routers are widely used in enterprise environments to connect industrial equipment, smart devices, sensors, point-of-sale (PoS) systems, and industrial control systems (ICSs).
“Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems,” reads the analysis published by Cisco Talos.
“These flaws present a number of attack vectors for a malicious actor, and could allow them to remotely execute code on the victim machine, change the administrator’s password and expose user credentials, among other scenarios.”
Most of the issues reside in ACEManager, the web server included with the ES450.
Experts discovered three flaws classified as “critical” (CVSS score 9.9) that can be exploited by an attacker to make changes to any system settings and execute arbitrary commands and code. An authenticated attacker could exploit these flaws by sending specially crafted HTTP requests to the targeted device.
Three other flaws, rated as “high severity,” could be exploited by an authenticated attacker to change the user password and obtain plaintext passwords and other sensitive information. One of the issues affects the SNMPD function of the Sierra Wireless AirLink ES450 and can be exploited by attackers to activate hardcoded credentials on a device, resulting in the exposure of a privileged user.
The remaining issues have been classified as “medium severity”; they include cross-site request forgery (CSRF), cross-site scripting (XSS), and information disclosure issues.
At the time of writing, Sierra Wireless has yet to release a security advisory for these vulnerabilities.
(SecurityAffairs – IoT, hacking)