CISA Adds Actively Exploited Sierra Wireless Router Vulnerability to the KEV Catalog


523/68 Monday, December 15, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability, CVE-2018-4063, affecting Sierra Wireless AirLink ALEOS routers, to the Known Exploited Vulnerabilities (KEV) Catalog after confirming it is being actively exploited in the wild. The flaw is an Unrestricted File Upload vulnerability that can be abused to achieve Remote Code Execution (RCE) through specially crafted HTTP requests, allowing an authenticated attacker to upload malicious code to the device’s web server.

The vulnerability was first publicly disclosed by Cisco Talos in 2019 and was identified in the “upload.cgi” function of the ACEManager interface on Sierra Wireless AirLink ES450 firmware version 4.9.3. Due to inadequate security controls, attackers can upload files using names that conflict with existing executable system files, such as “fw_upload_init.cgi”, resulting in immediate code execution. Because the ACEManager service runs with root privileges, successful exploitation allows attackers to fully compromise and take control of the affected device.
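The missing control described above is a check on the uploaded file name before anything is written. The sketch below is an added example, not Sierra Wireless or ACEManager code; the function names, directory layout and extension allowlist are assumptions made for illustration.

```python
import os
import tempfile

ALLOWED_EXTENSIONS = {".xml", ".bin"}  # assumption: types this handler expects


class UploadRejected(Exception):
    """Raised when an uploaded file name fails validation."""


def safe_upload_path(filename, web_root, upload_dir):
    """Return the storage path for an upload, or raise UploadRejected."""
    # A bare file name only: no directory parts or traversal.
    if filename in ("", ".", "..") or filename != os.path.basename(filename):
        raise UploadRejected("path components not allowed")
    # Refuse any name already served from the web root (the collision case).
    served = {n.lower() for _, _, files in os.walk(web_root) for n in files}
    if filename.lower() in served:
        raise UploadRejected("collides with existing web-root file")
    if os.path.splitext(filename)[1].lower() not in ALLOWED_EXTENSIONS:
        raise UploadRejected("extension not allowed")
    return os.path.join(upload_dir, filename)


def store_upload(filename, data, web_root, upload_dir):
    dest = safe_upload_path(filename, web_root, upload_dir)
    # O_EXCL fails if the file exists; mode 0o600 carries no execute bit.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as root:
        web_root = os.path.join(root, "cgi-bin")
        upload_dir = os.path.join(root, "uploads")
        os.makedirs(web_root)
        os.makedirs(upload_dir)
        # Constructed stand-in for an existing executable handler.
        open(os.path.join(web_root, "fw_upload_init.cgi"), "w").close()
        for name in ("fw_upload_init.cgi", "../cgi-bin/x.xml", "template.xml"):
            try:
                store_upload(name, b"data", web_root, upload_dir)
                results[name] = "stored"
            except UploadRejected as exc:
                results[name] = "rejected: " + str(exc)
    return results
```

Storing uploads in a directory the web server never executes from, and running the handler without root privileges, limit the impact if a name check like this is ever bypassed.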

CISA’s decision aligns with monitoring reports from Forescout, which indicate that industrial routers are among the most frequently targeted devices in Operational Technology (OT) environments. The vulnerability was previously observed being exploited by the threat group Chaya_005 in early 2024. In response, CISA has instructed U.S. Federal Civilian Executive Branch (FCEB) agencies to upgrade to supported versions or discontinue use of the affected products by January 2, 2026, as the devices have reached end of support and pose a significant security risk.

Source: https://thehackernews.com/2025/12/cisa-adds-actively-exploited-sierra.html