Aleos@* Security Vulnerabilities and Issues — Aleos@* CVE List

Lucene search

SierrawirelessAleos*

13 matches found

CVE•added 2022/12/26 10:15 p.m.•63 views

CVE-2019-11851

The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.

9.8CVSS9.7AI score0.00027EPSS

CVE•added 2020/08/21 7:15 p.m.•53 views

CVE-2019-11848

An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.

7.2CVSS5.6AI score0.00016EPSS

CVE•added 2020/08/21 7:15 p.m.•50 views

CVE-2019-11852

An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN.

9.1CVSS6.5AI score0.00019EPSS

CVE•added 2018/05/04 8:29 p.m.•49 views

CVE-2018-10251

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affecte...

10CVSS9.9AI score0.00084EPSS

CVE•added 2020/08/21 7:15 p.m.•49 views

CVE-2019-11850

A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution

6.7CVSS6.8AI score0.00003EPSS

CVE•added 2020/08/21 7:15 p.m.•48 views

CVE-2019-11847

An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.

7.8CVSS7.5AI score0.00008EPSS

CVE•added 2020/08/21 7:15 p.m.•48 views

CVE-2019-11857

Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.

9.1CVSS5.5AI score0.00016EPSS

CVE•added 2020/08/21 7:15 p.m.•46 views

CVE-2019-11853

Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4.

7.2CVSS6AI score0.00022EPSS

CVE•added 2020/08/21 7:15 p.m.•44 views

CVE-2019-11855

An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.

9.8CVSS9.1AI score0.00019EPSS

CVE•added 2020/08/21 7:15 p.m.•43 views

CVE-2019-11862

The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.

8.4CVSS8.2AI score0.00012EPSS

CVE•added 2020/08/21 7:15 p.m.•41 views

CVE-2019-11849

A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution.

6.7CVSS6.8AI score0.00003EPSS

CVE•added 2023/12/25 9:15 a.m.•39 views

CVE-2023-38321

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.

7.5CVSS7.3AI score0.00041EPSS

Web

CVE•added 2020/10/06 2:15 p.m.•38 views

CVE-2020-8782

Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.

9.8CVSS9.1AI score0.06974EPSS