Filtered by vendor Sierrawireless Subscriptions
Total 56 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-4062 1 Sierrawireless 2 Airlink Es450, Airlink Es450 Firmware 2024-11-21 N/A
A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability.
CVE-2018-4061 1 Sierrawireless 2 Airlink Es450, Airlink Es450 Firmware 2024-11-21 N/A
An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.
CVE-2018-10251 1 Sierrawireless 11 Aleos, Es440, Es450 and 8 more 2024-11-21 N/A
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.
CVE-2017-9247 1 Sierrawireless 3 Sierra Wireless Em7345 Software, Sierra Wireless Em7455 Software, Sierra Wireless Location Sensor Driver 2024-11-21 N/A
Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges.
CVE-2017-15043 1 Sierrawireless 20 Es440, Es440 Firmware, Es450 and 17 more 2024-11-21 N/A
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.
CVE-2016-5071 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 N/A
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
CVE-2016-5070 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 N/A
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
CVE-2016-5069 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 N/A
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.
CVE-2016-5068 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 N/A
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.
CVE-2016-5067 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 N/A
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
CVE-2016-5066 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 N/A
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
CVE-2016-5065 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 N/A
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.
CVE-2015-6479 1 Sierrawireless 7 Aleos, Es440, Es450 and 4 more 2024-11-21 4.3 Medium
ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors.
CVE-2015-2897 1 Sierrawireless 6 Airlink Es440, Airlink Es450, Airlink Gx440 and 3 more 2024-11-21 N/A
Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.
CVE-2013-2820 1 Sierrawireless 19 Airlink Mp At\&t, Airlink Mp At\&t Wifi, Airlink Mp Bell and 16 more 2024-11-21 N/A
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.
CVE-2013-2819 1 Sierrawireless 19 Airlink Mp At\&t, Airlink Mp At\&t Wifi, Airlink Mp Bell and 16 more 2024-11-21 N/A
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.