Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5071 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-11-21 | 10.0 HIGH | 8.8 HIGH |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. | |||||
| CVE-2016-5070 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. | |||||
| CVE-2016-5069 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. | |||||
| CVE-2016-5068 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. | |||||
| CVE-2016-5067 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. | |||||
| CVE-2016-5066 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. | |||||
| CVE-2016-5065 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. | |||||