CVE-2018-4068

An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this...

CVE-2018-4067

An exploitable information disclosure vulnerability exists in the ACEManager templateload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an...

EUVD-2022-49452

Malicious code in bioql PyPI...

CVE-2022-46650

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page...

CVE-2018-4066

An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being...

The vulnerability of the ACEManager component in the microprogramming software ALEOS for Sierra Wireless’ routers allows a attacker to trigger a Denial-of-Service Attack (DoS).

The vulnerability of the ACEManager component in the ALEOS router software from Sierra Wireless relates to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability could allow a malicious actor to trigger a Denial-of-Service attack remotely...

The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—allows a hacker to cause service interruptions.

The vulnerability of the ACEManager component in the ALEOS operating system for wireless routers from Sierra Wireless—such as the MP70, RV50x, RV55, LX40, LX60 ES450, and GX450 models—is related to pre-installed credentials due to the use of the assert function or similar operators. Exploiting th...

The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—allows attackers to carry out cross-site scripting attacks.

The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—is related to the lack of protective measures for website structures. Exploiting this vulnerability allows a remote attacker to perform...

CVE-2022-46649

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device...

Sierra Wireless AirLink ES450 Cross-Site Request Forgery Vulnerability

The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless Canada. A cross-site request forgery vulnerability exists in the ACEManager feature in the Sierra Wireless AirLink ES450 using firmware version 4.9.3. The vulnerability stems from the WEB application not...