Vendor: Sierrawireless
Products: 24
CVEs: 11
Across products: 49
Status: Private
Products (24)
- 7 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (11)

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-5070 | Cri | 0.64 | 9.8 | 0.00 | | Apr 10, 2017 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. |
| CVE-2016-5069 | Cri | 0.64 | 9.8 | 0.00 | | Apr 10, 2017 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. |
| CVE-2016-5068 | Cri | 0.64 | 9.8 | 0.00 | | Apr 10, 2017 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. |
| CVE-2016-5066 | Cri | 0.64 | 9.8 | 0.00 | | Apr 10, 2017 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. |
| CVE-2016-5065 | Cri | 0.64 | 9.8 | 0.01 | | Apr 10, 2017 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. |
| CVE-2016-5071 | Hig | 0.57 | 8.8 | 0.00 | | Apr 10, 2017 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. |
| CVE-2016-5067 | Hig | 0.57 | 8.8 | 0.01 | | Apr 10, 2017 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. |
| CVE-2017-9247 | Hig | 0.51 | 7.8 | 0.00 | | Aug 2, 2017 | Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges. |
| CVE-2015-2897 | | 0.00 | — | 0.00 | | Aug 8, 2015 | Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session. |
| CVE-2013-2820 | | 0.00 | — | 0.00 | | Jan 15, 2014 | The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388. |
| CVE-2013-2819 | | 0.00 | — | 0.00 | | Jan 15, 2014 | The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action. |