Vulnerabilities > Sierrawireless > GX 440 > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-10 CVE-2016-5069 Insufficient Session Expiration vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.
network
low complexity
sierrawireless CWE-613
7.5
7.5
2017-04-10 CVE-2016-5068 Improper Authentication vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.
network
low complexity
sierrawireless CWE-287
7.5
7.5
2017-04-10 CVE-2016-5065 Command Injection vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.
network
low complexity
sierrawireless CWE-77
7.5
7.5