Full title: Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment Exploit 
Category: web applications
Platform: hardware
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability.

# 0day.today @ http://0day.today/