
CVSS: 4.9 • EPSS: 0% • CPEs: 10 • EXPL: 1

ACEManager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001 • https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04 • https://www.otorio.com/blog/airlink-acemanager-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 • EPSS: 0% • CPEs: 15 • EXPL: 0

The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow. • http://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2021-001.ashx • https://www.sierrawireless.com/company/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges. • https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2020-007---amm-unauthenticated-login.ashx • https://www.sierrawireless.com/company/security

CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request (aka Forced Browsing). • https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2020-006---mgos-security-update.ashx • https://www.sierrawireless.com/company/security

CVSS: 9.8 • EPSS: 0% • CPEs: 16 • EXPL: 0

Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. Sierra Wireless ALEOS versions through 4.4.8, versions through 4.9.4, and versions through 4.11 allow remote code execution. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-005