VYPR
Unrated severity · NVD Advisory · Published May 4, 2018 · Updated Aug 5, 2024

CVE-2018-10251

Description

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated remote code execution in Sierra Wireless routers allows full compromise with root privileges.

Vulnerability

The vulnerability affects Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7, and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 [1]. It allows an unauthenticated remote attacker to execute arbitrary code on the device.

Exploitation

An attacker can exploit this vulnerability by sending specially crafted requests to an affected device that is directly reachable from the public internet, without requiring authentication [1]. Sierra Wireless has observed the IoTroop/Reaper malware exploiting this vulnerability using default user or viewer passwords [1].

Impact

Successful exploitation grants the attacker full control of the affected system, including the ability to issue commands with root privileges [1]. This can lead to complete device compromise and potential use in botnet activities.

Mitigation

The fix is included in firmware 4.4.7 for the GX400, GX440, ES440, and LS300, and in firmware 4.9.3 for the GX450, ES450, RV50, RV50X, MP70, and MP70E, as indicated in Sierra Wireless Technical Bulletin SWI-PSA-2018-005 [1]. Users should update to these versions. As a workaround, ensure devices are not directly reachable from the public internet and change default passwords [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

References

1