CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5066
https://notcve.org/view.php?id=CVE-2016-5066
10 Apr 2017 — Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. Dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 tiene contraseñas débiles para admin, rauser, sconsole y usuario. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5071
https://notcve.org/view.php?id=CVE-2016-5071
10 Apr 2017 — Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. Dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 ejecutan la aplicación web de administración como root. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5065
https://notcve.org/view.php?id=CVE-2016-5065
10 Apr 2017 — Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. Los dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 permiten la inyección de comandos Embedded_Ace_Set_Task.cgi. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5068
https://notcve.org/view.php?id=CVE-2016-5068
10 Apr 2017 — Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. Dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 no requieren autenticación para solicitudes Embedded_Ace_Get_Task.cgi. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5069
https://notcve.org/view.php?id=CVE-2016-5069
10 Apr 2017 — Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. Dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 utilizan tokens de sesión adivinables, que están en la URL. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-613: Insufficient Session Expiration •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5070
https://notcve.org/view.php?id=CVE-2016-5070
10 Apr 2017 — Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. Dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 almacenan contraseñas en texto plano. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-255: Credentials Management Errors •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5067
https://notcve.org/view.php?id=CVE-2016-5067
10 Apr 2017 — Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. Dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 permiten inyección de comandos Hayes AT. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •