CVE-2017-15043: Input Validation
First published: Fri May 04 2018(Updated: )
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sierra Wireless Gx440 Firmware | <4.4.5 | |
| Sierra Wireless GX440 | ||
| Sierra Wireless ES440 Firmware | <4.4.5 | |
| Sierra Wireless ES440 | ||
| Sierra Wireless LS300 Firmware | <4.4.5 | |
| Sierra Wireless LS300 | ||
| Sierra Wireless GX400 Firmware | <4.4.5 | |
| Sierra Wireless Gx400 | ||
| Sierra Wireless ES450 Firmware | <4.9 | |
| Sierra Wireless AirLink ES450 | ||
| Sierra Wireless RV50 Firmware | <4.9 | |
| Sierra Wireless RV50 Firmware | ||
| Sierra Wireless RV50X Firmware | <4.9 | |
| Sierra Wireless AirLink RV50X | ||
| Sierra Wireless MP70 Firmware | <4.9 | |
| Sierra Wireless AirLink MP70 | ||
| Sierra Wireless MP70E Firmware | <4.9 | |
| Sierra Wireless MP70e | ||
| Sierra Wireless Gx450 Firmware | <4.9 | |
| Sierra Wireless AirLink GX450 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-15043?
The severity of CVE-2017-15043 is critical with a CVSS score of 8.8.
Which routers are affected by CVE-2017-15043?
Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5, and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 are affected by CVE-2017-15043.
How does CVE-2017-15043 impact the affected systems?
CVE-2017-15043 allows an authenticated remote attacker to execute arbitrary code and gain full control of an affected system.
How can CVE-2017-15043 be fixed?
To fix CVE-2017-15043, users should update the firmware of the affected routers to version 4.4.5 or later for GX400, GX440, ES440, and LS300 routers, and version 4.9 or later for GX450, ES450, RV50, RV50X, MP70, and MP70E routers.
Where can I find more information about CVE-2017-15043?
More information about CVE-2017-15043 can be found at the following reference: [Sierra Wireless Technical Bulletin](https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/swi-psa-2018-003-technical-bulletin-reaper/)
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/references
- agent/description
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sierrawireless
- canonical/sierra wireless gx440 firmware
- canonical/sierra wireless gx440
- canonical/sierra wireless es440 firmware
- canonical/sierra wireless es440
- canonical/sierra wireless ls300 firmware
- canonical/sierra wireless ls300
- canonical/sierra wireless gx400 firmware
- canonical/sierra wireless gx400
- canonical/sierra wireless es450 firmware
- canonical/sierra wireless airlink es450
- canonical/sierra wireless rv50 firmware
- canonical/sierra wireless rv50x firmware
- canonical/sierra wireless airlink rv50x
- canonical/sierra wireless mp70 firmware
- canonical/sierra wireless airlink mp70
- canonical/sierra wireless mp70e firmware
- canonical/sierra wireless mp70e
- canonical/sierra wireless gx450 firmware
- canonical/sierra wireless airlink gx450