Sierrawireless: Security Vulnerabilities
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
CVSS Score
9.8
EPSS Score
0.0
Published
2017-04-10
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
CVSS Score
8.8
EPSS Score
0.0
Published
2017-04-10
ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.0
Published
2016-04-21
Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.
CVSS Score
10.0
EPSS Score
0.0
Published
2015-08-08
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.
CVSS Score
10.0
EPSS Score
0.0
Published
2014-01-15
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.
CVSS Score
9.3
EPSS Score
0.0
Published
2014-01-15
Page 6