CVSS: 9.8 • EPSS: 1% • CPEs: 2 • EXPL: 1

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 4.3 • EPSS: 0% • CPEs: 7 • EXPL: 0

ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors. • https://ics-cert.us-cert.gov/advisories/ICSA-16-105-01

CVSS: 10.0 • EPSS: 0% • CPEs: 6 • EXPL: 0

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session. • http://www.kb.cert.org/vuls/id/628568 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.3 • EPSS: 0% • CPEs: 20 • EXPL: 0

The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action. • http://ics-cert.us-cert.gov/advisories/ICSA-14-007-01A • http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf • CWE-255: Credentials Management Errors