23 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-40458
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial o...
The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—allows a hacker to execute arbitrary scripts and trigger a system reboot.
The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—is related to the ability to load files of a malicious nature without limitation. Exploiting this vulnerability allows an attacker to execute...
The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—allows a hacker to cause service interruptions.
The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—is related to pointer aliasing errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
CVE-2023-40464
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server...
CVE-2023-40462
The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting withi...
CVE-2023-40459
The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by...
Sierra Wireless ALEOS Cross-Site Scripting Vulnerability
Sierra Wireless ALEOS AAF is a framework for creating applications in Sierra Wireless AirLink gateways from Sierra Wireless Canada. A security vulnerability exists in Sierra Wireless ALEOS 4.16 and earlier versions that stems from the ACEManager component not validating the name and type of...
Sierra Wireless ALEOS Code Issue Vulnerability
Sierra Wireless ALEOS AAF is a framework for creating applications in Sierra Wireless AirLink gateways from Sierra Wireless Canada. A code issue vulnerability exists in Sierra Wireless ALEOS 4.16 and prior versions that stems from a denial of service DOS vulnerability in the ACEManager component...
CVE-2023-40458
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service DoS condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device...
UBUNTU-CVE-2023-40458
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service DoS condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device...
PT-2023-7919 · Sierra Wireless · Aleos
Name of the Vulnerable Software and Affected Versions: Sierra Wireless, Inc ALEOS affected versions not specified Description: The issue is related to a Loop with Unreachable Exit Condition, also known as an 'Infinite Loop', which could potentially allow a remote attacker to trigger a Denial of...
PT-2023-7522 · Aleos · Aleos
Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16 and earlier Description: The ACEManager component of ALEOS does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without...
CVE-2022-46650
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page...
Sierra Wireless AirLink Router 信息泄露漏洞
Sierra Wireless AirLink Router is a series of wireless routers from Sierra. A security vulnerability exists in the Sierra Wireless AirLink Router that stems from the fact that a user with valid ACEManager credentials and access to the ACEManager interface can reconfigure the device so that the...
CVE-2019-11857
Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information...
CVE-2018-4064
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the...
CVE-2018-4065
An exploitable cross-site scripting vulnerability exists in the ACEManager pingresult.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the...
CVE-2018-4061
An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP reque...
CVE-2018-4068
An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this...
Sierra Wireless AirLink ES450 Cross-Site Scripting Vulnerability
The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless Canada. A cross-site scripting vulnerability exists in the ACEManager pingresult.cgi function in the Sierra Wireless AirLink ES450 using firmware version 4.9.3, which stems from a lack of proper validation o...