Lucene search

Aleos Firmware Security Vulnerabilities - February

cve

CVE-2016-5065

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.

9.8CVSS

9.7AI Score

0.012EPSS

2017-04-10 03:59 AM

cve

CVE-2016-5066

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.

9.8CVSS

9.4AI Score

0.007EPSS

2017-04-10 03:59 AM

cve

CVE-2016-5067

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.

8.8CVSS

9AI Score

0.001EPSS

2017-04-10 03:59 AM

cve

CVE-2016-5068

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.

9.8CVSS

9.6AI Score

0.007EPSS

2017-04-10 03:59 AM

cve

CVE-2016-5069

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.

9.8CVSS

9.4AI Score

0.007EPSS

2017-04-10 03:59 AM

cve

CVE-2016-5070

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.

9.8CVSS

9.3AI Score

0.007EPSS

2017-04-10 03:59 AM

cve

CVE-2016-5071

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.

8.8CVSS

8.8AI Score

0.001EPSS

2017-04-10 03:59 AM