SierrawirelessCVEs & Vulnerabilities

56 CVEs affecting Sierrawireless products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

aleos 30airlink es450 26airlink rv50x 15airlink lx60 15airlink rv50 15airlink mp70e 15airlink lx40 15airlink mp70 15
CVE-2016-5068CRITICAL

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.

10 Apr 2017
9.8
CVSS
CVE-2016-5067HIGH

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.

10 Apr 2017
8.8
CVSS
CVE-2016-5066CRITICAL

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.

10 Apr 2017
9.8
CVSS
CVE-2016-5065CRITICAL

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.

10 Apr 2017
9.8
CVSS
CVE-2015-6479MEDIUM

ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors.

21 Apr 2016
4.3
CVSS
CVE-2015-2897CRITICAL

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.

8 Aug 2015
10.0
CVSS
CVE-2013-2820CRITICAL

The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.

15 Jan 2014
10.0
CVSS
CVE-2013-2819CRITICAL

The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.

15 Jan 2014
9.3
CVSS
← PrevPage 2 / 2Next →
Sierrawireless CVEs & Vulnerabilities — 56 Tracked — Page 2