Sierrawireless Aleos Firmware vulnerabilities
7 known vulnerabilities affecting sierrawireless/aleos_firmware.
Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH2
Vulnerabilities
Page 1 of 1
CVE-2016-5065P2CRITICALCVSS 9.8v4.3.22017-04-10
CVE-2016-5065 [CRITICAL] CWE-77 CVE-2016-5065: Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command inj
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.
nvd
CVE-2016-5068P3CRITICALCVSS 9.8v4.3.22017-04-10
CVE-2016-5068 [CRITICAL] CWE-287 CVE-2016-5068: Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.
nvd
CVE-2016-5067P3HIGHCVSS 8.8v4.3.22017-04-10
CVE-2016-5067 [HIGH] CWE-77 CVE-2016-5067: Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
nvd
CVE-2016-5071P3HIGHCVSS 8.8v4.3.22017-04-10
CVE-2016-5071 [HIGH] CWE-264 CVE-2016-5071: Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as r
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
nvd
CVE-2016-5066P3CRITICALCVSS 9.8v4.3.22017-04-10
CVE-2016-5066 [CRITICAL] CWE-255 CVE-2016-5066: Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, scon
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
nvd
CVE-2016-5070P3CRITICALCVSS 9.8v4.3.22017-04-10
CVE-2016-5070 [CRITICAL] CWE-255 CVE-2016-5070: Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
nvd
CVE-2016-5069P3CRITICALCVSS 9.8v4.3.22017-04-10
CVE-2016-5069 [CRITICAL] CWE-613 CVE-2016-5069: Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.
nvd