Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aleos vulnerabilities and exploits
(subscribe to this query)
6.7
CVSSv3
CVE-2019-11849
A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS prior to 4.11.0. The vulnerability may allow code execution.
Sierrawireless Aleos
9.8
CVSSv3
CVE-2019-11851
The ACENet service in Sierra Wireless ALEOS prior to 4.4.9, 4.5.x up to and including 4.9.x prior to 4.9.5, and 4.10.x up to and including 4.13.x prior to 4.14.0 allows remote malicious users to execute arbitrary code via a buffer overflow.
Sierrawireless Aleos
9.1
CVSSv3
CVE-2019-11852
An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS prior to 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN.
Sierrawireless Aleos
7.2
CVSSv3
CVE-2019-11853
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS prior to 4.11.0, and 4.9.4.
Sierrawireless Aleos
3.8
CVSSv3
CVE-2019-11856
A nonce reuse vulnerability exists in the ACEView service of ALEOS prior to 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
Sierrawireless Aleos
7.2
CVSSv3
CVE-2019-11858
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS prior to 4.13.0, 4.9.5, and 4.4.9.
Sierrawireless Aleos
8.4
CVSSv3
CVE-2019-11862
The SSH service on ALEOS prior to 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.
Sierrawireless Aleos
9.8
CVSSv3
CVE-2020-8782
Unauthenticated RPC server on ALEOS prior to 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
Sierrawireless Aleos
7.8
CVSSv3
CVE-2020-8781
Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.
Sierrawireless Aleos
7.5
CVSSv3
CVE-2023-38321
OpenNDS, as used in Sierra Wireless ALEOS prior to 4.17.0.12 and other products, allows remote malicious users to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string par...
Sierrawireless Aleos
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »