sierrawireless aleos vulnerabilities and exploits
NA
CVE-2023-38321
OpenNDS, as used in Sierra Wireless ALEOS prior to 4.17.0.12 and other products, allows remote malicious users to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string par...
Sierrawireless Aleos
641
VMScore
CVE-2020-8781
Lack of input sanitization in the UpdateRebootMgr service of ALEOS 4.11 and later allows an escalation to root from a low-privilege process.
Sierrawireless Aleos
383
VMScore
CVE-2015-6479
ACEmanager in Sierra Wireless ALEOS 4.4.2 and previous versions on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote malicious users to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vect...
Sierrawireless Aleos
NA
CVE-2023-40464
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server.
Sierrawireless Aleos
NA
CVE-2022-46649
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.
Sierrawireless Aleos
NA
CVE-2022-46650
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
Sierrawireless Aleos
890
VMScore
CVE-2018-10251
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware prior to 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware prior to 4.9.3 could allow an unauthenticated remote malicious user to execute arbitrary code and ga...
Sierrawireless Aleos
668
VMScore
CVE-2020-8782
Unauthenticated RPC server on ALEOS prior to 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
Sierrawireless Aleos
NA
CVE-2023-40459
The ACEManager component of ALEOS 4.16 and previous versions does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers f...
Sierrawireless Aleos
1 Github repository
NA
CVE-2023-40461
The ACEManager component of ALEOS 4.16 and previous versions allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition.
Sierrawireless Aleos