Vulnerabilities > Sierrawireless

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-06	CVE-2018-4068	Information Exposure vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3 An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. network low complexity sierrawireless CWE-200	5.3
2019-05-06	CVE-2018-4061	OS Command Injection vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3 An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. network low complexity sierrawireless CWE-78	8.8
2018-05-04	CVE-2018-10251	Missing Authorization vulnerability in Sierrawireless Aleos A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. network low complexity sierrawireless CWE-862 critical	9.8
2018-05-04	CVE-2017-15043	Improper Input Validation vulnerability in Sierrawireless products A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. network low complexity sierrawireless CWE-20	8.8
2017-08-02	CVE-2017-9247	Unquoted Search Path or Element vulnerability in Sierrawireless products Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges. local low complexity sierrawireless CWE-428	7.8
2017-04-10	CVE-2016-5071	Permissions, Privileges, and Access Controls vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. network low complexity sierrawireless CWE-264	8.8
2017-04-10	CVE-2016-5070	Credentials Management vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. network low complexity sierrawireless CWE-255 critical	9.8
2017-04-10	CVE-2016-5069	Insufficient Session Expiration vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. network low complexity sierrawireless CWE-613 critical	9.8
2017-04-10	CVE-2016-5068	Improper Authentication vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. network low complexity sierrawireless CWE-287 critical	9.8
2017-04-10	CVE-2016-5067	Command Injection vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. network low complexity sierrawireless CWE-77	8.8

Vulnerabilities > Sierrawireless {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Sierrawireless"}]}

Vulnerabilities > Sierrawireless