Unrated severity · NVD Advisory · Published May 4, 2018 · Updated Aug 5, 2024

CVE-2017-15043

Description

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated remote code execution in Sierra Wireless routers due to insufficient input validation, allowing full control with root privileges.

Vulnerability

A flaw in the input validation of user-controlled HTTP requests in Sierra Wireless AirLink routers allows authenticated remote code execution. Affected firmware includes ALEOS versions 4.4.6 or older on LS300, GX400, GX/ES440 models, and ALEOS versions 4.9.2 or older on GX/ES450, RV50, RV50X, MP70, MP70E models [1].

Exploitation

An attacker must possess valid router login credentials. The exploit involves sending a specially crafted HTTP request to the targeted device; the device does not sufficiently validate the user-controlled input in that request, leading to command injection.

Impact

Successful exploitation enables arbitrary code execution with root privileges, giving the attacker full control over the affected router. This can lead to information disclosure, network compromise, and persistent access.

Mitigation

Sierra Wireless released firmware updates to address this vulnerability: version 4.4.5 for LS300, GX400, GX/ES440 and version 4.9 for GX/ES450, RV50, RV50X, MP70, MP70E. Users should upgrade immediately. No workarounds are documented [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
