Vulnerabilities > Sierrawireless > Aleos > 4.4.9

DATE CVE VULNERABILITY TITLE RISK
2023-02-10 CVE-2022-46650 Information Exposure vulnerability in Sierrawireless Aleos
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
network
low complexity
sierrawireless CWE-200
4.9
4.9
2020-08-21 CVE-2019-11859 Classic Buffer Overflow vulnerability in Sierrawireless Aleos
A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.
network
low complexity
sierrawireless CWE-120
8.8
8.8
2020-08-21 CVE-2019-11858 Classic Buffer Overflow vulnerability in Sierrawireless Aleos
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9.
network
low complexity
sierrawireless CWE-120
7.2
7.2
2020-08-21 CVE-2019-11857 Improper Input Validation vulnerability in Sierrawireless Aleos
Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.
network
low complexity
sierrawireless CWE-20
4.9
4.9
2020-08-21 CVE-2019-11856 Authentication Bypass by Capture-replay vulnerability in Sierrawireless Aleos
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay.
network
low complexity
sierrawireless CWE-294
3.8
3.8
2020-08-21 CVE-2019-11855 Unspecified vulnerability in Sierrawireless Aleos
An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.
network
low complexity
sierrawireless
critical
 9.8
9.8
2020-08-21 CVE-2019-11853 Command Injection vulnerability in Sierrawireless Aleos
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4.
network
low complexity
sierrawireless CWE-77
7.2
7.2
2020-08-21 CVE-2019-11852 Out-of-bounds Read vulnerability in Sierrawireless Aleos
An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9.
network
low complexity
sierrawireless CWE-125
critical
 9.1
9.1
2020-08-21 CVE-2019-11850 Out-of-bounds Write vulnerability in Sierrawireless Aleos
A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0.
local
low complexity
sierrawireless CWE-787
6.7
6.7
2020-08-21 CVE-2019-11849 Out-of-bounds Write vulnerability in Sierrawireless Aleos
A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0.
local
low complexity
sierrawireless CWE-787
6.7
6.7