Filtered by vendor Sierrawireless
Subscribe
Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5069 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. | |||||
| CVE-2017-9247 | 1 Sierrawireless | 3 Sierra Wireless Em7345 Software, Sierra Wireless Em7455 Software, Sierra Wireless Location Sensor Driver | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges. | |||||
| CVE-2016-5070 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. | |||||
| CVE-2016-5068 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. | |||||
| CVE-2016-5067 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. | |||||
| CVE-2016-5071 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2025-04-20 | 10.0 HIGH | 8.8 HIGH |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. | |||||
| CVE-2016-5065 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. | |||||
| CVE-2016-5066 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. | |||||
| CVE-2019-11851 | 1 Sierrawireless | 13 Aleos, Es440, Es450 and 10 more | 2025-04-16 | N/A | 9.8 CRITICAL |
| The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow. | |||||
| CVE-2020-11101 | 1 Sierrawireless | 1 Airlink Mobility Manager | 2025-04-14 | N/A | 9.8 CRITICAL |
| Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges. | |||||
| CVE-2019-13988 | 1 Sierrawireless | 3 Airlink Mg90, Airlink Omg2000, Mgos | 2025-04-14 | N/A | 6.5 MEDIUM |
| Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request (aka Forced Browsing). | |||||
| CVE-2015-6479 | 1 Sierrawireless | 7 Aleos, Es440, Es450 and 4 more | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors. | |||||
| CVE-2015-2897 | 1 Sierrawireless | 6 Airlink Es440, Airlink Es450, Airlink Gx440 and 3 more | 2025-04-12 | 10.0 HIGH | N/A |
| Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session. | |||||
| CVE-2013-2819 | 1 Sierrawireless | 19 Airlink Mp At\&t, Airlink Mp At\&t Wifi, Airlink Mp Bell and 16 more | 2025-04-11 | 9.3 HIGH | N/A |
| The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action. | |||||
| CVE-2013-2820 | 1 Sierrawireless | 19 Airlink Mp At\&t, Airlink Mp At\&t Wifi, Airlink Mp Bell and 16 more | 2025-04-11 | 10.0 HIGH | N/A |
| The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388. | |||||
| CVE-2022-46650 | 1 Sierrawireless | 9 Aleos, Es450, Gx450 and 6 more | 2025-03-24 | N/A | 4.9 MEDIUM |
| Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. | |||||
| CVE-2022-46649 | 1 Sierrawireless | 9 Aleos, Es450, Gx450 and 6 more | 2025-03-24 | N/A | 8.8 HIGH |
| Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device. | |||||
| CVE-2023-40462 | 2 Debian, Sierrawireless | 9 Debian Linux, Aleos, Es450 and 6 more | 2025-02-13 | N/A | 7.5 HIGH |
| The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. | |||||
| CVE-2023-40465 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2024-11-21 | N/A | 8.3 HIGH |
| Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal. | |||||
| CVE-2023-40464 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2024-11-21 | N/A | 8.1 HIGH |
| Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server. | |||||