Vulnerabilities > Sierrawireless

DATE CVE VULNERABILITY TITLE RISK
2018-05-04 CVE-2018-10251 Insecure Default Initialization of Resource vulnerability in Sierrawireless Aleos
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.
network
low complexity
sierrawireless CWE-1188
critical
 10.0
10
2018-05-04 CVE-2017-15043 Improper Input Validation vulnerability in Sierrawireless products
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.
network
low complexity
sierrawireless CWE-20
critical
 9.0
9.0
2017-08-02 CVE-2017-9247 Unquoted Search Path or Element vulnerability in Sierrawireless products
Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges.
local
low complexity
sierrawireless CWE-428
4.6
4.6
2017-04-10 CVE-2016-5071 Permissions, Privileges, and Access Controls vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
network
low complexity
sierrawireless CWE-264
critical
 10.0
10
2017-04-10 CVE-2016-5070 Credentials Management vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
network
low complexity
sierrawireless CWE-255
5.0
5.0
2017-04-10 CVE-2016-5069 Insufficient Session Expiration vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.
network
low complexity
sierrawireless CWE-613
7.5
7.5
2017-04-10 CVE-2016-5068 Improper Authentication vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.
network
low complexity
sierrawireless CWE-287
7.5
7.5
2017-04-10 CVE-2016-5067 Command Injection vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
network
low complexity
sierrawireless CWE-77
critical
 9.0
9.0
2017-04-10 CVE-2016-5066 Credentials Management vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
network
low complexity
sierrawireless CWE-255
critical
 10.0
10
2017-04-10 CVE-2016-5065 Command Injection vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.
network
low complexity
sierrawireless CWE-77
7.5
7.5