Vulnerabilities > Sierrawireless > High

DATE CVE VULNERABILITY TITLE RISK
2020-08-21 CVE-2019-11853 Command Injection vulnerability in Sierrawireless Aleos
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4.
network
low complexity
sierrawireless CWE-77
7.2
7.2
2020-08-21 CVE-2019-11848 Out-of-bounds Write vulnerability in Sierrawireless Aleos
An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.
network
low complexity
sierrawireless CWE-787
7.2
7.2
2020-08-21 CVE-2019-11847 Improper Privilege Management vulnerability in Sierrawireless Aleos
An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9.
local
low complexity
sierrawireless CWE-269
7.8
7.8
2020-04-15 CVE-2020-8948 Link Following vulnerability in Sierrawireless Mobile Broadband Driver Package
The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links.
local
low complexity
sierrawireless CWE-59
7.8
7.8
2019-10-31 CVE-2018-4064 Improper Authentication vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-287
7.1
7.1
2019-05-06 CVE-2018-4073 Incorrect Permission Assignment for Critical Resource vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-732
8.8
8.8
2019-05-06 CVE-2018-4072 Incorrect Permission Assignment for Critical Resource vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-732
8.8
8.8
2019-05-06 CVE-2018-4071 Information Exposure vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-200
8.8
8.8
2019-05-06 CVE-2018-4070 Information Exposure vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-200
8.8
8.8
2019-05-06 CVE-2018-4066 Cross-Site Request Forgery (CSRF) vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-352
8.8
8.8