The vulnerability of the ALEOS operating system in wireless routers from Sierra Wireless—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—allows a attacker to execute a “man-in-the-middle” attack.

The vulnerability of the ALEOS operating system in wireless routers from Sierra Wireless—MP70, RV50x, RV55, LX40, LX60 ES450, and GX450—is related to deficiencies in SSL certificate validation. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” attack...

The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—allows attackers to carry out cross-site scripting attacks.

The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—is related to the lack of protective measures for website structures. Exploiting this vulnerability allows a remote attacker to perform...

The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—allows a hacker to cause service interruptions.

The vulnerability of the ACEManager component in the ALEOS operating system for wireless routers from Sierra Wireless—such as the MP70, RV50x, RV55, LX40, LX60 ES450, and GX450 models—is related to pre-installed credentials due to the use of the assert function or similar operators. Exploiting th...

Sierra Wireless AirLink ALEOS (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Sierra Wireless Equipment: AirLink ALEOS Vulnerabilities: OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type,...

Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure Exploit

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but...

Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment

Talos Vulnerability Report TALOS-2018-0756 Sierra Wireless AirLink ES450 ACEManager EmbeddedAceSetTask.cgi Permission Assignment Vulnerability April 25, 2019 CVE Number CVE-2018-4072, CVE-2018-4073 Summary An exploitable Permission Assignment vulnerability exists in the ACEManager...

CVE-2015-6479

ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors...

CVE-2015-6479

CVE-2015-6479 affects Sierra Wireless ACEmanager in ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300. It is a remote information-disclosure vulnerability that allows reading the filteredlogs.txt file, potentially exposing boot-sequence details. The issue is due to access to...

Information Disclosure Vulnerability in Multiple Sierra Wireless Products

Sierra Wireless LS300, GX400/440/450 and ES440/450 running ALEOS is a set of application frameworks that run in the LS300, GX400/440/450 and ES440/450 gateway devices. Multiple Sierra Wireless filteredlogs.txt files are visible to unauthenticated users, allowing remote attackers to exploit the...