Filtered by vendor Sierrawireless
Subscriptions
Filtered by product Airlink Es450
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-4069 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-08-05 | N/A |
| An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability. | ||||
| CVE-2018-4065 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-08-05 | N/A |
| An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability. | ||||
| CVE-2018-4070 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-08-05 | N/A |
| An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Get_Task.cgi endpoint. | ||||
| CVE-2018-4067 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-08-05 | N/A |
| An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2018-4062 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-08-05 | N/A |
| A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability. | ||||
| CVE-2020-8781 | 1 Sierrawireless | 14 Airlink Es440, Airlink Es450, Airlink Gx400 and 11 more | 2024-08-04 | 7.8 High |
| Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process. | ||||