Sierra Wireless patched two vulnerabilities in several of its AirLink routers that if exploited could allow the execution of arbitrary code or gain full control of a system.
Exploit CVE-2018-10251 effect Sierra Wireless AirLink router models GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 and could give an unauthorized person the ability to execute arbitrary code and gain full control of a system, including issuing commands with root privileges.
The second issue addressed, CVE-2017-15043, is associated with the same routers, but with different firmware packages. In this case, AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 are involved. If left unpatched and exploited by an attacker will have the ability to perform the same tasks.
