Skip to main content

Aleos

14 CVEs product

Monthly

CVE-2023-38321 HIGH This Week

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Aleos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-40465 MEDIUM This Month

Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Denial Of Service Aleos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-40464 MEDIUM This Month

Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Aleos
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-40463 HIGH This Week

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aleos
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-40462 HIGH This Week

The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Aleos Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-40461 MEDIUM This Month

The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aleos
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-40460 MEDIUM This Month

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aleos
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-40459 HIGH This Week

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Aleos
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2023-40458 HIGH This Week

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service (DoS) condition for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Aleos
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-8782 CRITICAL Act Now

Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aleos
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-8781 HIGH This Week

Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aleos
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-10251 CRITICAL Act Now

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Aleos
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2015-6479 MEDIUM This Month

ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aleos
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2015-2897 CRITICAL Act Now

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aleos
NVD
CVSS 2.0
10.0
EPSS
0.0%
EPSS 1% CVSS 7.5
HIGH This Week

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Aleos
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Denial Of Service +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Aleos
NVD
EPSS 1% CVSS 7.2
HIGH This Week

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aleos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Aleos Debian Linux
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aleos
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aleos
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Aleos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service (DoS) condition for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Aleos
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aleos
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aleos
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Aleos
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aleos
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aleos
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy