Vulnerabilities > Sierrawireless > Aleos

DATE | CVE | VULNERABILITY TITLE | RISK

2023-02-10 | CVE-2022-46650 | Information Exposure vulnerability in Sierrawireless Aleos | 4.9
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
network | low complexity | sierrawireless CWE-200

2022-12-26 | CVE-2019-11851 | Classic Buffer Overflow vulnerability in Sierrawireless Aleos | critical 9.8
The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.
network | low complexity | sierrawireless CWE-120

2020-10-06 | CVE-2020-8782 | Unspecified vulnerability in Sierrawireless Aleos | critical 9.8
Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
network | low complexity | sierrawireless

2020-10-06 | CVE-2020-8781 | Unspecified vulnerability in Sierrawireless Aleos | 7.8
Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allows an escalation to root from a low-privilege process.
local | low complexity | sierrawireless

2020-08-21 | CVE-2019-11862 | Unspecified vulnerability in Sierrawireless Aleos | 8.4
The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.
local | low complexity | sierrawireless

2020-08-21 | CVE-2019-11859 | Classic Buffer Overflow vulnerability in Sierrawireless Aleos | 8.8
A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.
network | low complexity | sierrawireless CWE-120

2020-08-21 | CVE-2019-11858 | Classic Buffer Overflow vulnerability in Sierrawireless Aleos | 7.2
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9.
network | low complexity | sierrawireless CWE-120

2020-08-21 | CVE-2019-11857 | Improper Input Validation vulnerability in Sierrawireless Aleos | 4.9
Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.
network | low complexity | sierrawireless CWE-20

2020-08-21 | CVE-2019-11856 | Authentication Bypass by Capture-replay vulnerability in Sierrawireless Aleos | 3.8
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay.
network | low complexity | sierrawireless CWE-294

2020-08-21 | CVE-2019-11855 | Unspecified vulnerability in Sierrawireless Aleos | critical 9.8
An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.
network | low complexity | sierrawireless