Sierra Wireless AirLink ES450 LTE gateway (version 4.9.3) has 11 different bugs, including two critical bugs that allow remote code-execution and arbitrary command-injection. Sierra Wireless has issued an update and administrators are encouraged to apply it. The most serious of the flaws is a critical RCE vulnerability (CVE-2018-4063), CVSS score of 9.9, in the upload.cgi function of the ACEManager function. The bug most likely also affects the AirLink GX450 product, Cisco Talos said.
Source: https://threatpost.com/critical-flaws-sierra-wireless-5g/144142/