Sierrawireless: >> Rv55 Security Vulnerabilities
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-12-25
Several versions of
ALEOS, including ALEOS 4.16.0, use a hardcoded
SSL certificate and
private key. An attacker with access to these items
could potentially
perform a man in the middle attack between the
ACEManager client
and ACEManager server.
CVSS Score
8.1
EPSS Score
0.0
Published
2023-12-04
Several versions of
ALEOS, including ALEOS 4.16.0, include an opensource
third-party
component which can be exploited from the local
area network,
resulting in a Denial of Service condition for the captive portal.
CVSS Score
8.3
EPSS Score
0.0
Published
2023-12-04
The ACEManager
component of ALEOS 4.16 and earlier does not
validate uploaded
file names and types, which could potentially allow
an authenticated
user to perform client-side script execution within
ACEManager, altering
the device functionality until the device is
restarted.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-12-04
The ACEManager
component of ALEOS 4.16 and earlier allows an
authenticated user
with Administrator privileges to access a file
upload field which
does not fully validate the file name, creating a
Stored Cross-Site
Scripting condition.
CVSS Score
8.1
EPSS Score
0.0
Published
2023-12-04
The ACEManager
component of ALEOS 4.16 and earlier does not
perform input
sanitization during authentication, which could
potentially result
in a Denial of Service (DoS) condition for
ACEManager without
impairing other router functions. ACEManager
recovers from the
DoS condition by restarting within ten seconds of
becoming
unavailable.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-12-04
When configured in
debugging mode by an authenticated user with
administrative
privileges, ALEOS 4.16 and earlier store the SHA512
hash of the common
root password for that version in a directory
accessible to a user
with root privileges or equivalent access.
CVSS Score
8.1
EPSS Score
0.0
Published
2023-12-04
The
ACEManager component of ALEOS 4.16 and earlier does not adequately perform
input sanitization during authentication, which could potentially result in a
Denial of Service (DoS) condition for ACEManager without impairing other router
functions. ACEManager recovers from the DoS condition by restarting within ten
seconds of becoming unavailable.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-12-04
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-02-10
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
CVSS Score
4.9
EPSS Score
0.002
Published
2023-02-10
Page 1