Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sierrawireless aleos vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2015-6479
ACEmanager in Sierra Wireless ALEOS 4.4.2 and previous versions on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote malicious users to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vect...
Sierrawireless Aleos
7.8
CVSSv3
CVE-2020-8781
Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.
Sierrawireless Aleos
9.8
CVSSv3
CVE-2020-8782
Unauthenticated RPC server on ALEOS prior to 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
Sierrawireless Aleos
7.5
CVSSv3
CVE-2023-38321
OpenNDS, as used in Sierra Wireless ALEOS prior to 4.17.0.12 and other products, allows remote malicious users to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string par...
Sierrawireless Aleos
8.8
CVSSv3
CVE-2022-46649
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.
Sierrawireless Aleos
7.5
CVSSv3
CVE-2023-40458
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote malicious user to trigger a Denial of Service (DoS) condition for ACEManager without impairing other router functions. This condition is c...
Sierrawireless Aleos
7.5
CVSSv3
CVE-2023-40459
The ACEManager component of ALEOS 4.16 and previous versions does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers f...
Sierrawireless Aleos
1 Github repository
5.4
CVSSv3
CVE-2023-40460
The ACEManager component of ALEOS 4.16 and previous versions does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is rest...
Sierrawireless Aleos
4.8
CVSSv3
CVE-2023-40461
The ACEManager component of ALEOS 4.16 and previous versions allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition.
Sierrawireless Aleos
7.2
CVSSv3
CVE-2023-40463
When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and previous versions store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access.
Sierrawireless Aleos
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »