CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2019-11855 – ALEOS LAN-Side RPC Server
https://notcve.org/view.php?id=CVE-2019-11855
21 Aug 2020 — An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9. Un servidor RPC está habilitado por defecto en la LAN de la puerta de enlace de ALEOS versiones anteriores a 4.12.0, 4.9.5 y 4.4.9. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 •
CVSS: 9.1EPSS: 0%CPEs: 15EXPL: 0CVE-2019-11852 – ALEOS ACEView Service Out-Of-Bounds Read
https://notcve.org/view.php?id=CVE-2019-11852
21 Aug 2020 — An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN. Se presenta una vulnerabilidad de lectura fuera de límites en el servicio ACEView de ALEOS versiones anteriores a 4.13.0, 4.9.5 y 4.4.9. Una información confidencial puede ser divulgada por medio del ACEviewservice, accesible por defecto en la LAN. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2019-11848 – ALEOS AT Command API Abuse
https://notcve.org/view.php?id=CVE-2019-11848
21 Aug 2020 — An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values. Se presenta una vulnerabilidad de abuso de API en la API de comando AT de ALEOS versiones anteriores a 4.13.0, 4.9.5, 4.4.9, debido a un fallo de comprobación de longitud al manejar determinados valores proporcionados por el usuario. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0CVE-2019-11850 – ALEOS AT Command Stack Overflow
https://notcve.org/view.php?id=CVE-2019-11850
21 Aug 2020 — A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution Se presenta una vulnerabilidad de desbordamiento de pila en la interfaz de comando AT de ALEOS versiones anteriores a 4.11.0. La vulnerabilidad puede permitir una ejecución de código. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0CVE-2019-11849 – ALEOS AT API Stack Overflow
https://notcve.org/view.php?id=CVE-2019-11849
21 Aug 2020 — A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution. Se presenta una vulnerabilidad de desbordamiento de pila en las API de comando AT de ALEOS versiones anteriores a 4.11.0. La vulnerabilidad puede permitir una ejecución de código. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2019-11847 – ALEOS User Root Shell Escalation
https://notcve.org/view.php?id=CVE-2019-11847
21 Aug 2020 — An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell. Se presenta una vulnerabilidad de administración de privilegios inapropiada en ALEOS versiones anteriores a 4.11.0, 4.9.4 y 4.4.9. Un usuario autenticado puede escalar a root por medio del shell de comandos. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2018-10251
https://notcve.org/view.php?id=CVE-2018-10251
04 May 2018 — A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. Una vulnerabilidad en los routers Sierra Wireless AirLink GX400, GX440, ES440 y LS300 con firmware en versiones anteriores a la 4.4.7 y los routers GX450,... • https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---cve-2018-10251 • CWE-862: Missing Authorization CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2015-6479
https://notcve.org/view.php?id=CVE-2015-6479
21 Apr 2016 — ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors. ACEmanager en Sierra Wireless ALEOS 4.4.2 y versiones anteriores en dispositivos ES440, ES450, GX400, GX440, GX450 y LS300 permite a atacantes remotos leer el archivo filteredlogs.txt, y consecuentemente descubrir información potencialmente se... • https://ics-cert.us-cert.gov/advisories/ICSA-16-105-01 •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-2897
https://notcve.org/view.php?id=CVE-2015-2897
08 Aug 2015 — Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session. Vulnerabilidad en Sierra Wireless ALEOS en versiones anteriores a 4.4.2 en dispositivos AirLink ES, GXy LS, tiene cuentas root embebidas, lo que facilita a atacantes remotos obtener acceso administrativo a través de (1) SSH o (2) sesión TELNET. • http://www.kb.cert.org/vuls/id/628568 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •