Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aleos vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-40463
When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and previous versions store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access.
Sierrawireless Aleos
7.2
CVSSv2
CVE-2020-8781
Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.
Sierrawireless Aleos
10
CVSSv2
CVE-2015-2897
Sierra Wireless ALEOS prior to 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote malicious users to obtain administrative access via a (1) SSH or (2) TELNET session.
Sierrawireless Aleos
4.3
CVSSv2
CVE-2015-6479
ACEmanager in Sierra Wireless ALEOS 4.4.2 and previous versions on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote malicious users to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vect...
Sierrawireless Aleos
7.5
CVSSv2
CVE-2020-8782
Unauthenticated RPC server on ALEOS prior to 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
Sierrawireless Aleos
10
CVSSv2
CVE-2018-10251
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware prior to 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware prior to 4.9.3 could allow an unauthenticated remote malicious user to execute arbitrary code and ga...
Sierrawireless Aleos
7.5
CVSSv2
CVE-2019-11855
An RPC server is enabled by default on the gateway's LAN of ALEOS prior to 4.12.0, 4.9.5, and 4.4.9.
Sierrawireless Aleos
9
CVSSv2
CVE-2019-11859
A buffer overflow exists in the SMS handler API of ALEOS prior to 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.
Sierrawireless Aleos
7.2
CVSSv2
CVE-2019-11847
An improper privilege management vulnerabitlity exists in ALEOS prior to 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.
Sierrawireless Aleos
6.5
CVSSv2
CVE-2019-11848
An API abuse vulnerability exists in the AT command API of ALEOS prior to 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.
Sierrawireless Aleos
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »