Vulnerabilities (CVE)

Filtered by vendor Sierrawireless Subscribe
Total 50 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5070 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
CVE-2016-5069 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 7.5 HIGH 9.8 CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.
CVE-2016-5068 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 7.5 HIGH 9.8 CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.
CVE-2016-5067 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 9.0 HIGH 8.8 HIGH
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
CVE-2016-5066 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 10.0 HIGH 9.8 CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
CVE-2016-5065 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 7.5 HIGH 9.8 CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.
CVE-2015-6479 1 Sierrawireless 7 Aleos, Es440, Es450 and 4 more 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors.
CVE-2015-2897 1 Sierrawireless 6 Airlink Es440, Airlink Es450, Airlink Gx440 and 3 more 2024-11-21 10.0 HIGH N/A
Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.
CVE-2013-2820 1 Sierrawireless 19 Airlink Mp At\&t, Airlink Mp At\&t Wifi, Airlink Mp Bell and 16 more 2024-11-21 10.0 HIGH N/A
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.
CVE-2013-2819 1 Sierrawireless 19 Airlink Mp At\&t, Airlink Mp At\&t Wifi, Airlink Mp Bell and 16 more 2024-11-21 9.3 HIGH N/A
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.