Vulnerabilities > Sierrawireless

DATE CVE VULNERABILITY TITLE RISK
2023-02-10 CVE-2022-46649 OS Command Injection vulnerability in Sierrawireless Aleos
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.
network
low complexity
sierrawireless CWE-78
8.8
8.8
2023-02-10 CVE-2022-46650 Information Exposure vulnerability in Sierrawireless Aleos
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
network
low complexity
sierrawireless CWE-200
4.9
4.9
2022-12-26 CVE-2019-11851 Classic Buffer Overflow vulnerability in Sierrawireless Aleos
The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.
network
low complexity
sierrawireless CWE-120
critical
 9.8
9.8
2020-10-06 CVE-2020-8782 Unspecified vulnerability in Sierrawireless Aleos
Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
network
low complexity
sierrawireless
7.5
7.5
2020-10-06 CVE-2020-8781 Unspecified vulnerability in Sierrawireless Aleos
Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.
local
low complexity
sierrawireless
7.2
7.2
2020-08-21 CVE-2019-11862 Incorrect Authorization vulnerability in Sierrawireless Aleos
The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.
local
low complexity
sierrawireless CWE-863
4.6
4.6
2020-08-21 CVE-2019-11859 Classic Buffer Overflow vulnerability in Sierrawireless Aleos
A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.
network
low complexity
sierrawireless CWE-120
critical
 9.0
9.0
2020-08-21 CVE-2019-11858 Classic Buffer Overflow vulnerability in Sierrawireless Aleos
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9.
network
low complexity
sierrawireless CWE-120
6.5
6.5
2020-08-21 CVE-2019-11857 Improper Input Validation vulnerability in Sierrawireless Aleos
Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.
network
low complexity
sierrawireless CWE-20
4.0
4.0
2020-08-21 CVE-2019-11856 Authentication Bypass by Capture-replay vulnerability in Sierrawireless Aleos
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay.
network
low complexity
sierrawireless CWE-294
5.5
5.5