A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0747 | Exploit Third Party Advisory |
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03 | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/108147 | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/152647/Sierra-Wireless-AirLink-ES450-SNMPD-Hard-Coded-Credentials.html | Exploit VDB Entry Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2019-05-06 12:29
Updated : 2019-05-08 10:03
NVD link : CVE-2018-4062
Mitre link : CVE-2018-4062
JSON object : View
CWE
CWE-798
Use of Hard-coded Credentials
Products Affected
sierrawireless
- airlink_es450
- airlink_es450_firmware