Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sierrawireless vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2019-11852
An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS prior to 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN.
Sierrawireless Aleos
7.2
CVSSv3
CVE-2019-11853
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS prior to 4.11.0, and 4.9.4.
Sierrawireless Aleos
9.8
CVSSv3
CVE-2019-11855
An RPC server is enabled by default on the gateway's LAN of ALEOS prior to 4.12.0, 4.9.5, and 4.4.9.
Sierrawireless Aleos
3.8
CVSSv3
CVE-2019-11856
A nonce reuse vulnerability exists in the ACEView service of ALEOS prior to 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
Sierrawireless Aleos
4.9
CVSSv3
CVE-2019-11857
Lack of input sanitization in AceManager of ALEOS prior to 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.
Sierrawireless Aleos
7.2
CVSSv3
CVE-2019-11858
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS prior to 4.13.0, 4.9.5, and 4.4.9.
Sierrawireless Aleos
8.8
CVSSv3
CVE-2019-11859
A buffer overflow exists in the SMS handler API of ALEOS prior to 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.
Sierrawireless Aleos
8.4
CVSSv3
CVE-2019-11862
The SSH service on ALEOS prior to 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.
Sierrawireless Aleos
6.8
CVSSv3
CVE-2023-40464
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server.
Sierrawireless Aleos
6.5
CVSSv3
CVE-2019-13988
Sierra Wireless MGOS prior to 3.15.2 and 4.x prior to 4.3 allows malicious users to read log files via a Direct Request (aka Forced Browsing).
Sierrawireless Mgos
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »