Sierrawireless: >> Airlink Rv50x Security Vulnerabilities
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
CVSS Score
3.3
EPSS Score
0.0
Published
2020-08-21
Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.
CVSS Score
9.1
EPSS Score
0.0
Published
2020-08-21
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9.
CVSS Score
5.7
EPSS Score
0.0
Published
2020-08-21
A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.
CVSS Score
6.0
EPSS Score
0.0
Published
2020-08-21
CVE-2018-4063
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Known exploited
CVSS Score
8.8
EPSS Score
0.009
Published
2019-05-06
Page 2