Security Vulnerabilities - CVEs Published In April 2017

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2017-04-10

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2017-04-10

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2017-04-10

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2017-04-10

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2017-04-10

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2017-04-10

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
CVSS Score: 8.8 | EPSS Score: 0.0 | Published: 2017-04-10

OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.
CVSS Score: 8.8 | EPSS Score: 0.022 | Published: 2017-04-10

CloudView NMS before 2.10a has XSS via SNMP.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2017-04-10

CloudView NMS before 2.10a has a format string issue exploitable over SNMP.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2017-04-10

