Skip to main content

Aleos Firmware

7 CVEs product

Monthly

CVE-2016-5071 HIGH POC This Week

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Aleos Firmware
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2016-5070 CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Aleos Firmware
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2016-5069 CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aleos Firmware
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2016-5068 CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Aleos Firmware
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2016-5067 HIGH POC This Week

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aleos Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-5066 CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Aleos Firmware
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2016-5065 CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aleos Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
EPSS 0% CVSS 8.8
HIGH POC This Week

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Aleos Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Aleos Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aleos Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Aleos Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aleos Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Aleos Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aleos Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy