Lucene search
K

265 matches found

OSV
OSV
added 2023/12/04 11:15 p.m.4 views

CVE-2023-40463

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

7.2CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2023/12/04 11:15 p.m.23 views

CVE-2023-40460

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...

7.1CVSS0.00482EPSS
Exploits0References1
NVD
NVD
added 2023/12/04 11:15 p.m.23 views

CVE-2023-40461

The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition...

8.1CVSS0.00456EPSS
Exploits0References1
OSV
OSV
added 2023/12/04 11:15 p.m.4 views

CVE-2023-40460

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...

5.4CVSS5.9AI score
Exploits0References1
OSV
OSV
added 2023/12/04 11:15 p.m.4 views

CVE-2023-40461

The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition...

4.8CVSS5.8AI score0.00456EPSS
Exploits0References1
NVD
NVD
added 2023/12/04 11:15 p.m.17 views

CVE-2023-40462

The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting withi...

7.5CVSS0.00878EPSS
Exploits0References2
OSV
OSV
added 2023/12/04 11:15 p.m.2 views

CVE-2023-40462

The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting withi...

7.5CVSS5.8AI score0.00878EPSS
Exploits0References2
NVD
NVD
added 2023/12/04 11:15 p.m.32 views

CVE-2023-40463

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

8.1CVSS0.00631EPSS
Exploits0References1
OSV
OSV
added 2023/12/04 11:15 p.m.4 views

CVE-2023-40459

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by...

7.5CVSS5.8AI score0.02296EPSS
Exploits2References1
NVD
NVD
added 2023/12/04 11:15 p.m.49 views

CVE-2023-40459

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by...

7.5CVSS0.02296EPSS
Exploits2References1
Prion
Prion
added 2023/12/04 11:15 p.m.25 views

Cross site scripting

The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition...

4.3CVSS7.1AI score0.00456EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/04 11:15 p.m.18 views

Design/Logic Flaw

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...

4.9CVSS7.1AI score0.00482EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/04 11:15 p.m.16 views

Design/Logic Flaw

Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal...

1.7CVSS7.2AI score0.00214EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/04 11:15 p.m.18 views

Hardcoded credentials

Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server...

3.6CVSS7AI score0.00296EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/04 11:15 p.m.23 views

Design/Logic Flaw

The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting withi...

5CVSS7AI score0.00878EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/12/04 11:15 p.m.24 views

Design/Logic Flaw

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by...

5CVSS7.2AI score0.02296EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/12/04 11:2 p.m.36 views

CVE-2023-40465

CVE-2023-40465 affects Sierra Wireless ALEOS (including 4.16.0 and earlier). A third‑party open‑source component included in ALEOS can be exploited from the local network, causing a Denial of Service (captive portal) condition. Mitigation: update to ALEOS 4.17+ or apply vendor guidance/workaround...

8.3CVSS4.9AI score0.00214EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/04 11:2 p.m.19 views

CVE-2023-40465 Improper input leads to DoS

Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal...

8.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/04 10:59 p.m.34 views

CVE-2023-40464 Use of hardcoded certificate and private key

Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server...

8.1CVSS8.1AI score0.00296EPSS
Exploits0References1
CVE
CVE
added 2023/12/04 10:59 p.m.55 views

CVE-2023-40464

CVE-2023-40464 concerns Sierra Wireless AirLink ALEOS firmware (incl. ALEOS 4.16.0 and earlier). The vulnerability stems from a hardcoded SSL certificate and private key used by the system, enabling a potential attacker with access to these artifacts to perform a man-in-the-middle attack between ...

8.1CVSS7.1AI score0.00296EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder