Description
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. CVE-2018-4063 (CVSS score: 8.8/9.9) refers to an unrestricted file upload vulnerability that could be exploited to achieve remote code execution by means of a malicious HTTP request. "A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver," the agency said. "An attacker can make an authenticated HTTP request to trigger this vulnerability." Details of the six-year-old flaw were publicly shared by Cisco Talos in April 2019, describing it as exploitable in the ACEManager "upload.cgi" function of ES450 firmware version 4.9.3. reported Canadia...
https://thehackernews.com/2025/12/cisa-adds-actively-exploited-sierra.html