CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5071
https://notcve.org/view.php?id=CVE-2016-5071
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. Dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 ejecutan la aplicación web de administración como root. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5069
https://notcve.org/view.php?id=CVE-2016-5069
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. Dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 utilizan tokens de sesión adivinables, que están en la URL. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-613: Insufficient Session Expiration •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2016-5065
https://notcve.org/view.php?id=CVE-2016-5065
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. Los dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 permiten la inyección de comandos Embedded_Ace_Set_Task.cgi. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5067
https://notcve.org/view.php?id=CVE-2016-5067
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. Dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 permiten inyección de comandos Hayes AT. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2015-6479
https://notcve.org/view.php?id=CVE-2015-6479
ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors. ACEmanager en Sierra Wireless ALEOS 4.4.2 y versiones anteriores en dispositivos ES440, ES450, GX400, GX440, GX450 y LS300 permite a atacantes remotos leer el archivo filteredlogs.txt, y consecuentemente descubrir información potencialmente sensible sobre la secuencia de arranque, a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-16-105-01 •