Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.
9.8CVSS
9.7AI Score
0.012EPSS
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
9.8CVSS
9.4AI Score
0.007EPSS
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
8.8CVSS
9AI Score
0.001EPSS
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.
9.8CVSS
9.6AI Score
0.007EPSS
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.
9.8CVSS
9.4AI Score
0.007EPSS
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
9.8CVSS
9.3AI Score
0.007EPSS
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
8.8CVSS
8.8AI Score
0.001EPSS