CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks thehackernews.com/2025/12/c…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
CVE-2018-4063 (CVSS score: 8.8/9.9) refers to an unrestricted file upload vulnerability that could be exploited to achieve remote code execution by means of a malicious HTTP request.
“A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver,” the agency said. “An attacker can make an authenticated HTTP request to trigger this vulnerability.”
