Vulnerabilities > Sierrawireless
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-21 | CVE-2019-11853 | Command Injection vulnerability in Sierrawireless Aleos Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4. | 6.5 |
| 2020-08-21 | CVE-2019-11852 | Out-of-bounds Read vulnerability in Sierrawireless Aleos An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. | 6.4 |
| 2020-08-21 | CVE-2019-11850 | Out-of-bounds Write vulnerability in Sierrawireless Aleos A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0. | 4.6 |
| 2020-08-21 | CVE-2019-11849 | Out-of-bounds Write vulnerability in Sierrawireless Aleos A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0. | 4.6 |
| 2020-08-21 | CVE-2019-11848 | Out-of-bounds Write vulnerability in Sierrawireless Aleos An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values. | 6.5 |
| 2020-08-21 | CVE-2019-11847 | Improper Privilege Management vulnerability in Sierrawireless Aleos An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. | 7.2 |
| 2020-04-15 | CVE-2020-8948 | Improper Privilege Management vulnerability in Sierrawireless Mobile Broadband Driver Package The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. | 7.2 |
| 2019-10-31 | CVE-2018-4064 | Improper Authentication vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3 An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. | 5.5 |
| 2019-05-06 | CVE-2018-4073 | Incorrect Permission Assignment for Critical Resource vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3 An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. | 6.5 |
| 2019-05-06 | CVE-2018-4072 | Incorrect Permission Assignment for Critical Resource vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3 An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. | 6.5 |