21 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-40458
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial o...
CVE-2023-40464
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server...
CVE-2023-40462
The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting withi...
CVE-2023-40459
The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by...
Sierra Wireless ALEOS Cross-Site Scripting Vulnerability
Sierra Wireless ALEOS AAF is a framework for creating applications in Sierra Wireless AirLink gateways from Sierra Wireless Canada. A security vulnerability exists in Sierra Wireless ALEOS 4.16 and earlier versions that stems from the ACEManager component not validating the name and type of...
Sierra Wireless ALEOS Code Issue Vulnerability
Sierra Wireless ALEOS AAF is a framework for creating applications in Sierra Wireless AirLink gateways from Sierra Wireless Canada. A code issue vulnerability exists in Sierra Wireless ALEOS 4.16 and prior versions that stems from a denial of service (DoS) vulnerability in the ACEManager component...
CVE-2023-40458
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service (DoS) condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device...
UBUNTU-CVE-2023-40458
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service (DoS) condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device...
PT-2023-7919 · Sierra Wireless · Aleos
Name of the Vulnerable Software and Affected Versions: Sierra Wireless, Inc ALEOS (affected versions not specified). Description: The issue is related to a Loop with Unreachable Exit Condition, also known as an 'Infinite Loop', which could potentially allow a remote attacker to trigger a Denial of...
PT-2023-7522 · Aleos · Aleos
Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16 and earlier. Description: The ACEManager component of ALEOS does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without...
CVE-2022-46650
ACEManager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page...
Sierra Wireless AirLink Router Information Disclosure Vulnerability
Sierra Wireless AirLink Router is a series of wireless routers from Sierra. A security vulnerability exists in the Sierra Wireless AirLink Router that stems from the fact that a user with valid ACEManager credentials and access to the ACEManager interface can reconfigure the device so that the...
CVE-2019-11857
Lack of input sanitization in ACEManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information...
CVE-2018-4064
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an unverified device configuration change, resulting in an unverified change of the user password on the...
CVE-2018-4065
An exploitable cross-site scripting vulnerability exists in the ACEManager pingresult.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected JavaScript code execution, resulting in the execution of JavaScript code running on the...
CVE-2018-4068
An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. An HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this...
CVE-2018-4061
An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP reque...
Sierra Wireless AirLink ES450 Information Disclosure Vulnerability (CNVD-2019-13240)
The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless Canada. An information disclosure vulnerability exists in the ACEManager feature in the Sierra Wireless AirLink ES450 using firmware version 4.9.3, which can be exploited by an unauthorized attacker to obtai...
Sierra Wireless AirLink ES450 Information Disclosure Vulnerability (CNVD-2019-13397)
The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless Canada. An information disclosure vulnerability exists in the ACEManager templateload.cgi function in the Sierra Wireless AirLink ES450 using firmware version 4.9.3. The vulnerability stems from an error in...
Sierra Wireless AirLink ES450 Operating System Command Injection Vulnerability
The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless Canada. An operating system command injection vulnerability exists in the ACEManager iplogging.cgi function in the Sierra Wireless AirLink ES450 with firmware version 4.9.3, which can be exploited by an...