CVE-2018-4072
Description
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSet_Task.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Set_Task.cgi endpoint.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated user can exploit a permission assignment flaw in ACEManager's Embedded_Ace_Set_Task.cgi to write arbitrary system configuration settings on Sierra Wireless AirLink ES450 FW 4.9.3.
Vulnerability
Sierra Wireless AirLink ES450 firmware version 4.9.3 (and potentially the GX450) contains a permission assignment vulnerability in the ACEManager's Embedded_Ace_Set_Task.cgi binary. This binary lacks restricted configuration settings, allowing any authenticated user to modify MSCII configuration values via the /cgi-bin/Embedded_Ace_Set_Task.cgi endpoint [1].
Exploitation
An attacker must have authenticated access to the ACEManager web interface, which is not accessible by default from the Cellular WAN. After discovering the MSCIID, the attacker can send a specially crafted HTTP request to the endpoint to change any system setting without additional privileges [1].
Impact
Successful exploitation enables arbitrary writes to system configuration, leading to high confidentiality and integrity impact (CVSS 9.9). The attacker can alter critical device settings, potentially compromising network security.
Mitigation
Not yet disclosed in the available references. Users should check with Sierra Wireless for firmware updates or workarounds.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Sierra Wireless/AirLink ES450description
- Range: = 4.9.3
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- talosintelligence.com/vulnerability_reports/TALOS-2018-0756mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.