Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sierrawireless aleos vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-46650
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
Sierrawireless Aleos
NA
CVE-2019-11851
The ACENet service in Sierra Wireless ALEOS prior to 4.4.9, 4.5.x up to and including 4.9.x prior to 4.9.5, and 4.10.x up to and including 4.13.x prior to 4.14.0 allows remote malicious users to execute arbitrary code via a buffer overflow.
Sierrawireless Aleos
7.2
CVSSv2
CVE-2020-8781
Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.
Sierrawireless Aleos
7.5
CVSSv2
CVE-2020-8782
Unauthenticated RPC server on ALEOS prior to 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
Sierrawireless Aleos
7.2
CVSSv2
CVE-2019-11847
An improper privilege management vulnerabitlity exists in ALEOS prior to 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.
Sierrawireless Aleos
5.5
CVSSv2
CVE-2019-11856
A nonce reuse vulnerability exists in the ACEView service of ALEOS prior to 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
Sierrawireless Aleos
6.5
CVSSv2
CVE-2019-11858
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS prior to 4.13.0, 4.9.5, and 4.4.9.
Sierrawireless Aleos
6.5
CVSSv2
CVE-2019-11848
An API abuse vulnerability exists in the AT command API of ALEOS prior to 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.
Sierrawireless Aleos
4.6
CVSSv2
CVE-2019-11849
A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS prior to 4.11.0. The vulnerability may allow code execution.
Sierrawireless Aleos
4.6
CVSSv2
CVE-2019-11850
A stack overflow vulnerabiltity exist in the AT command interface of ALEOS prior to 4.11.0. The vulnerability may allow code execution
Sierrawireless Aleos
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »