Main Vulnerability Database Vulnerabilities #VU71594

Information disclosure in Sierra Wireless products - CVE-2022-46650

Published: January 27, 2023

Vulnerability identifier: #VU71594

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-46650

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Sierra Wireless

Affected software:
Airlink Router ES450
Airlink Router GX450
Airlink Router MP70
Airlink Router RV50
Airlink Router RV50x
Airlink Router RV55
Airlink Router LX 40
Airlink Router LX60

Detailed vulnerability description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote administrator can reconfigure the device to expose the ACEManager credentials on the pre-login status page.

How to mitigate CVE-2022-46650

Install updates from vendor's website.

Sources

https://ics-cert.us-cert.gov/advisories/icsa-23-026-04

Information disclosure in Sierra Wireless products - CVE-2022-46650

Detailed vulnerability description

How to mitigate CVE-2022-46650

Sources

Please verify you're human