top of page
perceptive_background_267k.jpg

Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability. A specially crafted HTTP request can upload a file, res…

Published:

12 December 2025 at 00:00:00

Alert date:

12 December 2025 at 19:01:25

Source:

cisa.gov

Click to open the original link from this advisory

Sierra Wireless AirLink ALEOS contains an unrestricted upload vulnerability allowing attackers to upload executable files via specially crafted HTTP requests. The vulnerability requires authentication but can result in code execution on the webserver. The affected product may be end-of-life or end-of-service, and users are advised to discontinue use. This is a critical vulnerability that allows remote code execution through file upload functionality.

Technical details

Mitigation steps:

Affected products:

Sierra Wireless AirLink ALEOS

Related links:

https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003
https://www.cisa.gov/news-events/ics-advisories/icsa-19-122-03
https://source.sierrawireless.com/resources/airlink/hardware_reference_docs/airlink_es450_eol
https://nvd.nist.gov/vuln/detail/CVE-2018-4063

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page