Vulnerabilities > Sierrawireless > GX 440 > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-04-10 CVE-2016-5066 Credentials Management vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
network
low complexity
sierrawireless CWE-255
critical
 10.0
10
2017-04-10 CVE-2016-5067 Command Injection vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
network
low complexity
sierrawireless CWE-77
critical
 9.0
9.0
2017-04-10 CVE-2016-5071 Permissions, Privileges, and Access Controls vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
network
low complexity
sierrawireless CWE-264
critical
 10.0
10