Vulnerabilities > Sierrawireless > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-06 | CVE-2018-4063 | Unrestricted Upload of File with Dangerous Type vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3 An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. | 8.8 |
| 2019-05-06 | CVE-2018-4062 | Use of Hard-coded Credentials vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3 A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. | 8.1 |
| 2019-05-06 | CVE-2018-4069 | Information Exposure vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3 An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. | 7.5 |
| 2019-05-06 | CVE-2018-4061 | OS Command Injection vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3 An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. | 8.8 |
| 2018-05-04 | CVE-2017-15043 | Improper Input Validation vulnerability in Sierrawireless products A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. | 8.8 |
| 2017-08-02 | CVE-2017-9247 | Unquoted Search Path or Element vulnerability in Sierrawireless products Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges. | 7.8 |
| 2017-04-10 | CVE-2016-5071 | Permissions, Privileges, and Access Controls vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. | 8.8 |
| 2017-04-10 | CVE-2016-5067 | Command Injection vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. | 8.8 |