Filtered by vendor Sierrawireless
Subscribe
Total
50 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5070 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. | |||||
CVE-2016-5069 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. | |||||
CVE-2016-5068 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. | |||||
CVE-2016-5067 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. | |||||
CVE-2016-5066 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. | |||||
CVE-2016-5065 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. | |||||
CVE-2015-6479 | 1 Sierrawireless | 7 Aleos, Es440, Es450 and 4 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors. | |||||
CVE-2015-2897 | 1 Sierrawireless | 6 Airlink Es440, Airlink Es450, Airlink Gx440 and 3 more | 2024-11-21 | 10.0 HIGH | N/A |
Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session. | |||||
CVE-2013-2820 | 1 Sierrawireless | 19 Airlink Mp At\&t, Airlink Mp At\&t Wifi, Airlink Mp Bell and 16 more | 2024-11-21 | 10.0 HIGH | N/A |
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388. | |||||
CVE-2013-2819 | 1 Sierrawireless | 19 Airlink Mp At\&t, Airlink Mp At\&t Wifi, Airlink Mp Bell and 16 more | 2024-11-21 | 9.3 HIGH | N/A |
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action. |