Aleos Security Vulnerabilities - CVSS Score 9 - 10
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affecte...
9.8CVSS
9.9AI Score
0.004EPSS
The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.
9.8CVSS
9.7AI Score
0.007EPSS
An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN.
9.1CVSS
8.9AI Score
0.002EPSS
An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.
9.8CVSS
9.4AI Score
0.002EPSS
Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.
9.1CVSS
5.1AI Score
0.001EPSS
Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
9.8CVSS
9.7AI Score
0.007EPSS