Carl Hurd and Jared Rittle of Cisco Talos discovered these vulnerabilities.
Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws present a number of attack vectors for a malicious actor, and could allow them to remotely execute code on the victim machine, change the administrator’s password and expose user credentials, among other scenarios. The majority of these vulnerabilities exist in ACEManager, the web server included with the ES450. ACEManager is responsible for the majority of interactions on the device, including device reconfiguration, user authentication and certificate management.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Sierra Wireless to ensure that these issues are resolved and that an update is available for affected customers.