Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sierrawireless vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-40459
The ACEManager component of ALEOS 4.16 and previous versions does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers f...
Sierrawireless Aleos
1 Github repository
NA
CVE-2023-40460
The ACEManager component of ALEOS 4.16 and previous versions does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is rest...
Sierrawireless Aleos
NA
CVE-2023-40461
The ACEManager component of ALEOS 4.16 and previous versions allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition.
Sierrawireless Aleos
NA
CVE-2023-40464
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server.
Sierrawireless Aleos
NA
CVE-2023-40465
Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal.
Sierrawireless Aleos
6.4
CVSSv2
CVE-2019-11852
An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS prior to 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN.
Sierrawireless Aleos
4.6
CVSSv2
CVE-2019-11849
A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS prior to 4.11.0. The vulnerability may allow code execution.
Sierrawireless Aleos
4.6
CVSSv2
CVE-2019-11850
A stack overflow vulnerabiltity exist in the AT command interface of ALEOS prior to 4.11.0. The vulnerability may allow code execution
Sierrawireless Aleos
NA
CVE-2019-11851
The ACENet service in Sierra Wireless ALEOS prior to 4.4.9, 4.5.x up to and including 4.9.x prior to 4.9.5, and 4.10.x up to and including 4.13.x prior to 4.14.0 allows remote malicious users to execute arbitrary code via a buffer overflow.
Sierrawireless Aleos
6.5
CVSSv2
CVE-2019-11853
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS prior to 4.11.0, and 4.9.4.
Sierrawireless Aleos
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »