HOMEVULNERABILITIESCVE-2017-15043
HIGH

CVE-2017-15043

CWE-20Published: May 4, 2018· Updated: Jun 17, 2026

8.8
CVSS v3.1

Official Description

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.

NVD Source

Technical Analysis

CVE-2017-15043 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 8.8.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors & Products

sierrawireless20 product(s)
gx440 firmwaregx440es440 firmwarees440ls300 firmwarels300gx400 firmwaregx400es450 firmwarees450rv50 firmwarerv50+8
Source: NVD CPE · 20 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (2)

Quick Facts

CVE IDCVE-2017-15043
CVSS Score8.8 / 10
SeverityHIGH
WeaknessCWE-20
CISA KEVNo
Affected1 vendor(s)
PublishedMay 4, 2018

Related CVEs (CWE-20)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2017-15043 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.