Vulnerabilities > Sierrawireless

DATE CVE VULNERABILITY TITLE RISK
2020-10-06 CVE-2020-8782 Unspecified vulnerability in Sierrawireless Aleos
Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
network
low complexity
sierrawireless
7.5
2020-10-06 CVE-2020-8781 Improper Input Validation vulnerability in Sierrawireless Aleos
Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.
local
low complexity
sierrawireless CWE-20
7.2
2020-08-21 CVE-2019-11862 Incorrect Authorization vulnerability in Sierrawireless Aleos
The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.
local
low complexity
sierrawireless CWE-863
4.6
2020-08-21 CVE-2019-11859 Classic Buffer Overflow vulnerability in Sierrawireless Aleos
A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.
network
low complexity
sierrawireless sierawireless CWE-120
critical
9.0
2020-08-21 CVE-2019-11858 Classic Buffer Overflow vulnerability in Sierrawireless Aleos
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9.
network
low complexity
sierrawireless sierawireless CWE-120
6.5
2020-08-21 CVE-2019-11857 Improper Input Validation vulnerability in Sierrawireless Aleos
Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.
network
low complexity
sierrawireless CWE-20
4.0
2020-08-21 CVE-2019-11856 Authentication Bypass by Capture-replay vulnerability in Sierrawireless Aleos
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay.
network
low complexity
sierrawireless sierawireless CWE-294
5.5
2020-08-21 CVE-2019-11855 Unspecified vulnerability in Sierrawireless Aleos
An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.
network
low complexity
sierrawireless sierawireless
7.5
2020-08-21 CVE-2019-11853 Injection vulnerability in Sierrawireless Aleos
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4.
network
low complexity
sierrawireless CWE-74
6.5
2020-08-21 CVE-2019-11852 Out-of-bounds Read vulnerability in Sierrawireless Aleos
An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9.
network
low complexity
sierrawireless sierawireless CWE-125
6.4