- Description
- An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.
- Source
- talos-cna@cisco.com
- NVD status
- Analyzed
- Products
- aleos
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
Data from CISA
- Vulnerability name
- Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability
- Exploit added on
- Dec 12, 2025
- Exploit action due
- Jan 2, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9B26ADF-46F0-42E9-B434-B1BDD3B3FA51",
            "versionEndExcluding": "4.4.9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_es440:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A539809A-2F36-49E5-B6E1-7D13057CB5CC"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_gx400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3ED4507B-D487-40BB-8F0C-DDE252844BF7"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_gx440:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2F6861FB-F310-4B6D-BEDD-0B1611E5CE2D"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_ls300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "06302D92-3C19-414A-B976-779FE9B01915"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22BF7599-D3BB-4273-847E-28E84AF19C07",
            "versionEndExcluding": "4.11.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_lx40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C4CEDB07-37C9-444F-9670-1807E7C3E734"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_lx60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "631F6248-DA94-4BF8-9F78-3636CBD67F2E"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp70:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3D40D05C-2C06-40D7-A060-AB695909E559"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp70e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AD91027A-EFC8-4A29-B880-CE39D00DF86F"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_rv50:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "282D04AE-5657-42C6-9EF1-89FA8388D746"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_rv50x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AA1C2197-E412-4FE2-8DE8-3048A3727A58"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BA6B3FE-7242-44A0-8DFE-0835A06BB61A",
            "versionEndExcluding": "4.9.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3E042BE5-9B2E-42B9-B455-FDB35251B0A6"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_gx450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F20FC147-11AF-4E39-978A-0BC270B3CF01"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]