Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sierrawireless aleos vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2019-11851
The ACENet service in Sierra Wireless ALEOS prior to 4.4.9, 4.5.x up to and including 4.9.x prior to 4.9.5, and 4.10.x up to and including 4.13.x prior to 4.14.0 allows remote malicious users to execute arbitrary code via a buffer overflow.
Sierrawireless Aleos
641
VMScore
CVE-2020-8781
Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.
Sierrawireless Aleos
668
VMScore
CVE-2020-8782
Unauthenticated RPC server on ALEOS prior to 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
Sierrawireless Aleos
NA
CVE-2023-40459
The ACEManager component of ALEOS 4.16 and previous versions does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers f...
Sierrawireless Aleos
1 Github repository
NA
CVE-2023-40465
Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal.
Sierrawireless Aleos
641
VMScore
CVE-2019-11847
An improper privilege management vulnerabitlity exists in ALEOS prior to 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.
Sierrawireless Aleos
490
VMScore
CVE-2019-11856
A nonce reuse vulnerability exists in the ACEView service of ALEOS prior to 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
Sierrawireless Aleos
578
VMScore
CVE-2019-11858
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS prior to 4.13.0, 4.9.5, and 4.4.9.
Sierrawireless Aleos
890
VMScore
CVE-2018-10251
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware prior to 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware prior to 4.9.3 could allow an unauthenticated remote malicious user to execute arbitrary code and ga...
Sierrawireless Aleos
NA
CVE-2023-38321
OpenNDS, as used in Sierra Wireless ALEOS prior to 4.17.0.12 and other products, allows remote malicious users to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string par...
Sierrawireless Aleos
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »