Vulnerabilities (CVE)

Filtered by vendor Sierrawireless Subscribe
Filtered by product Lx40
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-40462 2 Debian, Sierrawireless 9 Debian Linux, Aleos, Es450 and 6 more 2024-11-21 N/A 7.5 HIGH
The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.
CVE-2023-38321 1 Sierrawireless 6 Aleos, Lx40, Lx60 and 3 more 2024-11-21 N/A 7.5 HIGH
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.
CVE-2022-46650 1 Sierrawireless 9 Aleos, Es450, Gx450 and 6 more 2024-11-21 N/A 4.9 MEDIUM
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
CVE-2022-46649 1 Sierrawireless 9 Aleos, Es450, Gx450 and 6 more 2024-11-21 N/A 8.8 HIGH
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.
CVE-2019-11851 1 Sierrawireless 13 Aleos, Es440, Es450 and 10 more 2024-11-21 N/A 9.8 CRITICAL
The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.