Vulnerabilities > Sierrawireless > GX 440 > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-10 | CVE-2016-5069 | Insufficient Session Expiration vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. | 7.5 |
2017-04-10 | CVE-2016-5068 | Improper Authentication vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. | 7.5 |
2017-04-10 | CVE-2016-5065 | Command Injection vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. | 7.5 |