Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aleos vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-40460
The ACEManager component of ALEOS 4.16 and previous versions does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is rest...
Sierrawireless Aleos
NA
CVE-2023-40461
The ACEManager component of ALEOS 4.16 and previous versions allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition.
Sierrawireless Aleos
NA
CVE-2023-40464
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server.
Sierrawireless Aleos
4.6
CVSSv2
CVE-2019-11850
A stack overflow vulnerabiltity exist in the AT command interface of ALEOS prior to 4.11.0. The vulnerability may allow code execution
Sierrawireless Aleos
6.5
CVSSv2
CVE-2019-11853
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS prior to 4.11.0, and 4.9.4.
Sierrawireless Aleos
7.5
CVSSv2
CVE-2019-11855
An RPC server is enabled by default on the gateway's LAN of ALEOS prior to 4.12.0, 4.9.5, and 4.4.9.
Sierrawireless Aleos
6.5
CVSSv2
CVE-2019-11858
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS prior to 4.13.0, 4.9.5, and 4.4.9.
Sierrawireless Aleos
NA
CVE-2023-38321
OpenNDS, as used in Sierra Wireless ALEOS prior to 4.17.0.12 and other products, allows remote malicious users to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string par...
Sierrawireless Aleos
NA
CVE-2023-40462
The ACEManager component of ALEOS 4.16 and previous versions does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS...
Sierrawireless Aleos
Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2016-5065
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.
Sierrawireless Aleos Firmware 4.3.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »