Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sierra wireless vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2016-5071
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
Sierrawireless Aleos Firmware 4.3.2
9.8
CVSSv3
CVE-2016-5066
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
Sierrawireless Aleos Firmware 4.3.2
9.8
CVSSv3
CVE-2016-5069
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.
Sierrawireless Aleos Firmware 4.3.2
6.5
CVSSv3
CVE-2019-13988
Sierra Wireless MGOS prior to 3.15.2 and 4.x prior to 4.3 allows malicious users to read log files via a Direct Request (aka Forced Browsing).
Sierrawireless Mgos
9.8
CVSSv3
CVE-2020-11101
Sierra Wireless AirLink Mobility Manager (AMM) prior to 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges.
Sierrawireless Airlink Mobility Manager
NA
CVE-2013-2820
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote malicious users to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.
Sierrawireless Raven X Ev-do Firmware 4221 4.0.11.003
Sierrawireless Raven X Ev-do Firmware 4228 4.0.11.003
Sierrawireless Airlink Mp Row -
Sierrawireless Airlink Mp Row Wifi -
Sierrawireless Airlink Mp Sprint -
Sierrawireless Airlink Mp Sprint Wifi -
Sierrawireless Airlink Mp Verizon -
Sierrawireless Airlink Mp Bell -
Sierrawireless Airlink Mp Telus -
Sierrawireless Airlink Mp Verizon Wifi -
Sierrawireless Pinpoint Xt -
Sierrawireless Airlink Mp At\\&t -
Sierrawireless Airlink Mp At\\&t Wifi -
Sierrawireless Raven Xt -
Sierrawireless Raven Xe -
Sierrawireless Raven X -
Sierrawireless Airlink Mp Bell Wifi -
Sierrawireless Airlink Mp Telus Wifi -
Sierrawireless Raven X Ev-do -
Sierrawireless Pinpoint X -
NA
CVE-2013-2819
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote malicious users to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.
Sierrawireless Raven X Ev-do Firmware 4221 4.0.11.003
Sierrawireless Raven X Ev-do Firmware 4228 4.0.11.003
Sierrawireless Pinpoint Xt -
Sierrawireless Pinpoint X -
Sierrawireless Raven Xt -
Sierrawireless Raven Xe -
Sierrawireless Airlink Mp At\\&t -
Sierrawireless Airlink Mp Bell -
Sierrawireless Airlink Mp Sprint Wifi -
Sierrawireless Airlink Mp Verizon Wifi -
Sierrawireless Airlink Mp Telus -
Sierrawireless Airlink Mp Telus Wifi -
Sierrawireless Airlink Mp Row -
Sierrawireless Airlink Mp Row Wifi -
Sierrawireless Airlink Mp Sprint -
Sierrawireless Airlink Mp At\\&t Wifi -
Sierrawireless Airlink Mp Bell Wifi -
Sierrawireless Airlink Mp Verizon -
Sierrawireless Raven X Ev-do -
Sierrawireless Raven X -
9.8
CVSSv3
CVE-2019-11851
The ACENet service in Sierra Wireless ALEOS prior to 4.4.9, 4.5.x up to and including 4.9.x prior to 4.9.5, and 4.10.x up to and including 4.13.x prior to 4.14.0 allows remote malicious users to execute arbitrary code via a buffer overflow.
Sierrawireless Aleos
4.3
CVSSv3
CVE-2015-6479
ACEmanager in Sierra Wireless ALEOS 4.4.2 and previous versions on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote malicious users to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vect...
Sierrawireless Aleos
7.8
CVSSv3
CVE-2020-8948
The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privi...
Sierrawireless Mobile Broadband Driver Package
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »