Skip to main content

Sierra Wireless Patches Critical Vulns in Range of Wireless Routers

posted onMay 8, 2018
by l33tdawg
https://media.kasperskycontenthub.com/wp-content/uploads/sites/31/2014/01/07024433/sierra_airlink-680x400.jpg

Sierra Wireless has patched two critical vulnerabilities for its range of wireless gateways that would leave the enterprise devices helpless to an array of remote threats, including the charms of the Reaper IoT botnet.

The more critical of the two (with a 9.4 CVSSv3 Temp Score) is a privilege-escalation bug (CVE-2018-10251), which could allow a remote attacker with no authentication whatsoever to the device to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.

The second issue (slightly less alarming with an 8.4 CVSSv3 Temp Score) is also a privilege-escalation flaw (CVE-2017-15043) that allows remote code execution and device takeover; however, the vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker would need to be in possession of router login credentials to exploit the vulnerability; after that, he or she could do so by sending a crafted HTTP request to the affected system.

Source

Tags

Security Wireless

You May Also Like

Recent News

Monday, May 21st

Thursday, May 17th

Monday, May 14th

Tuesday, May 8th

Saturday, May 5th

Thursday, May 3rd

Wednesday, May 2nd