CVE-2022-46650
https://notcve.org/view.php?id=CVE-2022-46650
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001 https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04 https://www.otorio.com/blog/airlink-acemanager-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-11851
https://notcve.org/view.php?id=CVE-2019-11851
The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow. El servicio ACENet en Sierra Wireless ALEOS anteriores a 4.4.9, 4.5.x a 4.9.x anteriores a 4.9.5 y 4.10.x a 4.13.x anteriores a 4.14.0 permite a atacantes remotos ejecutar código arbitrario mediante un desbordamiento de búfer. • http://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2021-001.ashx https://www.sierrawireless.com/company/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2020-8782 – ALEOS LAN-Side RPC Service Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-8782
Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. Sierra Wireless ALEOS versiones hasta 4.4.8, versiones hasta 4.9.4 y versiones hasta 4.11, permite una ejecución de código remota • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-005 •
CVE-2019-11862 – ALEOS SSH Service Allows Traffic Proxying
https://notcve.org/view.php?id=CVE-2019-11862
The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying. El servicio SSH en ALEOS versiones anteriores a 4.12.0, 4.9.5, 4.4.9, permite un proxy del tráfico. • https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-004 •
CVE-2019-11858 – ALEOS Multiple Web UI vulnerabilities
https://notcve.org/view.php?id=CVE-2019-11858
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Se presentan múltiples vulnerabilidades de desbordamiento del búfer en la AceManager Web API de ALEOS versiones anteriores a 4.13.0, 4.9.5 y 4.4.9. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •