Sierrawireless: >> Aleos >> 4.13.0 Security Vulnerabilities
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
CVSS Score
4.9
EPSS Score
0.002
Published
2023-02-10
The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-12-26
Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-10-06
Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
CVSS Score
7.5
EPSS Score
0.07
Published
2020-10-06
Page 2