Vulnerabilities (CVE)

Filtered by vendor Sierrawireless Subscribe
Filtered by product Aleos Firmware
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5071 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 10.0 HIGH 8.8 HIGH
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
CVE-2016-5070 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
CVE-2016-5069 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 7.5 HIGH 9.8 CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.
CVE-2016-5068 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 7.5 HIGH 9.8 CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.
CVE-2016-5067 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 9.0 HIGH 8.8 HIGH
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
CVE-2016-5066 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 10.0 HIGH 9.8 CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
CVE-2016-5065 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 7.5 HIGH 9.8 CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.