CVE-2016-5070
https://notcve.org/view.php?id=CVE-2016-5070
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. Dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 almacenan contraseñas en texto plano. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-255: Credentials Management Errors •
CVE-2016-5066
https://notcve.org/view.php?id=CVE-2016-5066
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. Dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 tiene contraseñas débiles para admin, rauser, sconsole y usuario. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-255: Credentials Management Errors •
CVE-2016-5068
https://notcve.org/view.php?id=CVE-2016-5068
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. Dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 no requieren autenticación para solicitudes Embedded_Ace_Get_Task.cgi. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-287: Improper Authentication •
CVE-2016-5071
https://notcve.org/view.php?id=CVE-2016-5071
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. Dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 ejecutan la aplicación web de administración como root. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-5069
https://notcve.org/view.php?id=CVE-2016-5069
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. Dispositivos Sierra Wireless GX 440 con firmware ALEOS 4.3.2 utilizan tokens de sesión adivinables, que están en la URL. • https://carvesystems.com/sierra-wireless-2016-advisory.html • CWE-613: Insufficient Session Expiration •