Sierra Wireless AirLink ALEOS (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Sierra Wireless Equipment: AirLink ALEOS Vulnerabilities: OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type,...

CVE-2015-6479

ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors...

CVE-2015-6479

CVE-2015-6479 affects Sierra Wireless ACEmanager in ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300. It is a remote information-disclosure vulnerability that allows reading the filteredlogs.txt file, potentially exposing boot-sequence details. The issue is due to access to...

Information Disclosure Vulnerability in Multiple Sierra Wireless Products

Sierra Wireless LS300, GX400/440/450 and ES440/450 running ALEOS is a set of application frameworks that run in the LS300, GX400/440/450 and ES440/450 gateway devices. Multiple Sierra Wireless filteredlogs.txt files are visible to unauthenticated users, allowing remote attackers to exploit the...