
CVSS: 8.8 • EPSS: 38% • CPEs: 2 • EXPL: 2

26 Apr 2019 — An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Get_Task.cgi endpoint. • https://packetstorm.news/files/id/152655 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 • EPSS: 38% • CPEs: 2 • EXPL: 2

26 Apr 2019 — An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceTLGet_Task.cgi executable is used to retrieve MSCII configuration values within the configuration manager of the AirLink ES450. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_TLGet_Task.cgi endpoint. • https://packetstorm.news/files/id/152655 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.0 • EPSS: 0% • CPEs: 20 • EXPL: 0

04 May 2018 — A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of ro... • https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/swi-psa-2018-003-technical-bulletin-reaper • CWE-20: Improper Input Validation

CVSS: 10.0 • EPSS: 0% • CPEs: 12 • EXPL: 0

04 May 2018 — A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. • https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---cve-2018-10251 • CWE-862: Missing Authorization • CWE-1188: Initialization of a Resource with an Insecure Default

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

02 Aug 2017 — Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allow local users to launch processes with elevated privileges. • http://support.lenovo.com/us/en/product_security/LEN-12739 • CWE-428: Unquoted Search Path or Element

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

10 Apr 2017 — Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-255: Credentials Management Errors

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

10 Apr 2017 — Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

10 Apr 2017 — Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

10 Apr 2017 — Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-287: Improper Authentication

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

10 Apr 2017 — Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-613: Insufficient Session Expiration