Vulnerability Description
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sierrawireless | Aleos | < 4.4.7 |
| Sierrawireless | Es440 | - |
| Sierrawireless | Gx400 | - |
| Sierrawireless | Gx440 | - |
| Sierrawireless | Ls300 | - |
| Sierrawireless | Es450 | - |
| Sierrawireless | Gx450 | - |
| Sierrawireless | Mp70 | - |
| Sierrawireless | Mp70E | - |
| Sierrawireless | Rv50 | - |
| Sierrawireless | Rv50X | - |
Related Weaknesses (CWE)
References
- https://source.sierrawireless.com/resources/airlink/software_reference_docs/techMitigationVendor Advisory
- https://source.sierrawireless.com/resources/airlink/software_reference_docs/techMitigationVendor Advisory
FAQ
What is CVE-2018-10251?
CVE-2018-10251 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could all...
How severe is CVE-2018-10251?
CVE-2018-10251 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-10251?
Check the references section above for vendor advisories and patch information. Affected products include: Sierrawireless Aleos, Sierrawireless Es440, Sierrawireless Gx400, Sierrawireless Gx440, Sierrawireless Ls300.