The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations about active exploitation in the wild.
Critical File Upload Vulnerability Under Active Attack
The vulnerability, tracked as CVE-2018-4063, involves an unrestricted file upload with a dangerous type weakness in Sierra Wireless AirLink ALEOS devices.
This security flaw allows attackers to upload executable code directly to the web server through a specially crafted HTTP request.
Once uploaded, the malicious files are routable and executable on the affected system, giving an attacker a path to remote code execution.
The vulnerability is classified under CWE-434, which covers applications that fail to properly validate the type of files they accept during upload.
Notably, authentication is required to exploit this flaw, meaning attackers must first obtain valid credentials before launching an attack.
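The CWE-434 pattern described above, as an added example that is not from the article or the vendor: a Python upload check that rejects executable types anywhere in the file name, verifies the body against the declared type, and stores accepted files under a random name in a directory the web server never serves. The allowlist, the executable-extension set and the upload directory are assumed values, not taken from ALEOS.

```python
import secrets
from pathlib import Path
from typing import Optional, Tuple

# Constructed allowlist for a hypothetical config-import form: extension -> magic bytes
# (None = plain-text type, checked separately). Anything not listed is rejected.
ALLOWED = {".png": b"\x89PNG\r\n\x1a\n", ".txt": None, ".csv": None}
# Types a web server routes to an interpreter or executes. Rejected wherever they
# appear in the name, so a double extension such as "backdoor.php.txt" is caught.
EXECUTABLE = {".php", ".cgi", ".pl", ".py", ".sh", ".jsp", ".asp", ".aspx", ".exe", ".so"}


def check_upload(filename: str, content: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason) for an uploaded file name and body."""
    name = Path(filename).name
    if not name or name != filename or name.startswith("."):
        return False, "rejected: empty, hidden or path-bearing file name"
    suffixes = [s.lower() for s in Path(name).suffixes]
    if not suffixes:
        return False, "rejected: no extension"
    if any(s in EXECUTABLE for s in suffixes):
        return False, "rejected: executable type in name"
    ext = suffixes[-1]
    if ext not in ALLOWED:
        return False, f"rejected: {ext} not on allowlist"
    magic = ALLOWED[ext]
    if magic is not None and not content.startswith(magic):
        return False, "rejected: body does not match declared type"
    if magic is None:
        # Declared as text: must decode as UTF-8 and carry no NUL bytes.
        try:
            content.decode("utf-8")
        except UnicodeDecodeError:
            return False, "rejected: text type with binary body"
        if b"\x00" in content:
            return False, "rejected: NUL byte in text upload"
    return True, f"accepted as {ext}"


def storage_path(upload_root: Path, ext: str) -> Path:
    """Random name keeping only the validated extension, under an unserved directory."""
    return upload_root / f"{secrets.token_hex(16)}{ext}"


def store_upload(upload_root: Path, filename: str, content: bytes) -> Optional[Path]:
    """Write an accepted upload outside the web root; return None if it was rejected."""
    accepted, _ = check_upload(filename, content)
    if not accepted:
        return None
    dest = storage_path(upload_root, Path(filename).suffix.lower())
    upload_root.mkdir(parents=True, exist_ok=True)
    dest.write_bytes(content)
    return dest
```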
CISA has indicated that impacted Sierra Wireless AirLink ALEOS products could be end-of-life (EoL) or end-of-service (EoS), significantly limiting mitigation options for organizations still using these devices.
Users are strongly advised to discontinue using the product if patches or vendor-provided mitigations are unavailable.
The vulnerability was added to the KEV catalog on December 12, 2025; federal agencies must address it by January 2, 2026.
CISA directs organizations to apply mitigations per vendor instructions, follow the applicable guidance in Binding Operational Directive (BOD) 22-01 for cloud services, or discontinue use of affected products entirely.
While it remains unknown whether CVE-2018-4063 has been used in ransomware campaigns, its inclusion in the KEV catalog confirms active exploitation attempts.
Organizations using Sierra Wireless AirLink ALEOS routers should immediately assess their exposure and implement recommended security measures or plan device replacement to eliminate this risk.