critical
9
CWE
20
Advisory Published
Updated

CVE-2017-15043: Input Validation

First published: Fri May 04 2018(Updated: )

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Sierrawireless Gx440 Firmware<4.4.5
Sierrawireless Gx440
Sierrawireless Es440 Firmware<4.4.5
Sierrawireless Es440
Sierrawireless Ls300 Firmware<4.4.5
Sierrawireless Ls300
Sierrawireless Gx400 Firmware<4.4.5
Sierrawireless Gx400
Sierrawireless Es450 Firmware<4.9
Sierrawireless Es450
Sierrawireless Rv50 Firmware<4.9
Sierrawireless Rv50
Sierrawireless Rv50x Firmware<4.9
Sierrawireless Rv50x
Sierrawireless Mp70 Firmware<4.9
Sierrawireless Mp70
Sierrawireless Mp70e Firmware<4.9
Sierrawireless Mp70e
Sierrawireless Gx450 Firmware<4.9
Sierrawireless Gx450

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2017-15043?

    The severity of CVE-2017-15043 is critical with a CVSS score of 8.8.

  • Which routers are affected by CVE-2017-15043?

    Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5, and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 are affected by CVE-2017-15043.

  • How does CVE-2017-15043 impact the affected systems?

    CVE-2017-15043 allows an authenticated remote attacker to execute arbitrary code and gain full control of an affected system.

  • How can CVE-2017-15043 be fixed?

    To fix CVE-2017-15043, users should update the firmware of the affected routers to version 4.4.5 or later for GX400, GX440, ES440, and LS300 routers, and version 4.9 or later for GX450, ES450, RV50, RV50X, MP70, and MP70E routers.

  • Where can I find more information about CVE-2017-15043?

    More information about CVE-2017-15043 can be found at the following reference: [Sierra Wireless Technical Bulletin](https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/swi-psa-2018-003-technical-bulletin-reaper/)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203