Vulnerabilities > Sierrawireless > Aleos Firmware

DATE CVE VULNERABILITY TITLE RISK
2017-04-10 CVE-2016-5071 Permissions, Privileges, and Access Controls vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
network
low complexity
sierrawireless CWE-264
8.8
8.8
2017-04-10 CVE-2016-5070 Credentials Management vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
network
low complexity
sierrawireless CWE-255
critical
 9.8
9.8
2017-04-10 CVE-2016-5069 Insufficient Session Expiration vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.
network
low complexity
sierrawireless CWE-613
critical
 9.8
9.8
2017-04-10 CVE-2016-5068 Improper Authentication vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.
network
low complexity
sierrawireless CWE-287
critical
 9.8
9.8
2017-04-10 CVE-2016-5067 Command Injection vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
network
low complexity
sierrawireless CWE-77
8.8
8.8
2017-04-10 CVE-2016-5066 Credentials Management vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
network
low complexity
sierrawireless CWE-255
critical
 9.8
9.8
2017-04-10 CVE-2016-5065 Command Injection vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.
network
low complexity
sierrawireless CWE-77
critical
 9.8
9.8