High severity7.1NVD Advisory· Published Oct 31, 2019· Updated Jun 17, 2026
CVE-2018-4064
CVE-2018-4064
Description
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Sierra Wireless/AirLink ES450 FWdescription
- Range: 4.9.3
Patches
Vulnerability mechanics
References
1- talosintelligence.com/vulnerability_reports/TALOS-2018-0749nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.