Vulnerabilities > Sierrawireless > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-26 | CVE-2019-11851 | Classic Buffer Overflow vulnerability in Sierrawireless Aleos The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow. | 9.8 |
| 2022-12-26 | CVE-2020-11101 | Unspecified vulnerability in Sierrawireless Airlink Mobility Manager Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges. | 9.8 |
| 2020-10-06 | CVE-2020-8782 | Unspecified vulnerability in Sierrawireless Aleos Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. | 9.8 |
| 2020-08-21 | CVE-2019-11855 | Unspecified vulnerability in Sierrawireless Aleos An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9. | 9.8 |
| 2020-08-21 | CVE-2019-11852 | Out-of-bounds Read vulnerability in Sierrawireless Aleos An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. | 9.1 |
| 2018-05-04 | CVE-2018-10251 | Missing Authorization vulnerability in Sierrawireless Aleos A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. | 9.8 |
| 2017-04-10 | CVE-2016-5070 | Credentials Management vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. | 9.8 |
| 2017-04-10 | CVE-2016-5069 | Insufficient Session Expiration vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. | 9.8 |
| 2017-04-10 | CVE-2016-5068 | Improper Authentication vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. | 9.8 |
| 2017-04-10 | CVE-2016-5066 | Credentials Management vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. | 9.8 |