Page 3 of 27 results (0.002 seconds)

CVSS: 4.9EPSS: 0%CPEs: 10EXPL: 1

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001 https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04 https://www.otorio.com/blog/airlink-acemanager-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0

Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. Sierra Wireless ALEOS versiones hasta 4.4.8, versiones hasta 4.9.4 y versiones hasta 4.11, permite una ejecución de código remota • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-005 •

CVSS: 8.4EPSS: 0%CPEs: 14EXPL: 0

The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying. El servicio SSH en ALEOS versiones anteriores a 4.12.0, 4.9.5, 4.4.9, permite un proxy del tráfico. • https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-004 •

CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0

Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Se presentan múltiples vulnerabilidades de desbordamiento del búfer en la AceManager Web API de ALEOS versiones anteriores a 4.13.0, 4.9.5 y 4.4.9. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0

Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4. Se presentan varias vulnerabilidades potenciales de inyecciones de comandos en la interfaz de comandos AT de ALEOS versiones anteriores a 4.11.0 y 4.9.4. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •