Sierrawireless

All CVEs

63 total · sorted by risk
  • CVE-2019-11847 · Aug 21, 2020
    risk 0.00 · cvss · epss 0.00

    An improper privilege management vulnerability exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.

  • CVE-2020-8948 · Apr 15, 2020
    risk 0.00 · cvss · epss 0.00

    The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system…

  • CVE-2018-4064 · Oct 31, 2019
    risk 0.00 · cvss · epss 0.16

    An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an unverified device configuration change, resulting in an unverified change of the user…

  • CVE-2018-4067 · May 6, 2019
    risk 0.00 · cvss · epss 0.04

    An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information leak, resulting in the disclosure of internal paths and files. An…

  • CVE-2018-4062 · May 6, 2019
    risk 0.00 · cvss · epss 0.05

    A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can…

  • CVE-2018-4065 · May 6, 2019
    risk 0.00 · cvss · epss 0.05

    An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected JavaScript code execution, resulting in the execution of JavaScript code…

  • CVE-2018-4061 · May 6, 2019
    risk 0.00 · cvss · epss 0.19

    An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an…

  • CVE-2018-4068 · May 6, 2019
    risk 0.00 · cvss · epss 0.11

    An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. An HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to…

  • CVE-2018-4069 · May 6, 2019
    risk 0.00 · cvss · epss 0.04

    An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream…

  • CVE-2015-2897 · Aug 8, 2015
    risk 0.00 · cvss · epss 0.02

    Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.

  • CVE-2015-2054 · Feb 23, 2015
    risk 0.00 · cvss · epss 0.01

    CRLF injection vulnerability in export.cfg in the web-based administrative console for Sierra Wireless AirCard 760S, 762S, and 763S allows remote attackers to inject arbitrary headers via CRLF sequences in the save parameter.

  • CVE-2013-2820 · Jan 15, 2014
    risk 0.00 · cvss · epss 0.04

    The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.

  • CVE-2013-2819 · Jan 15, 2014
    risk 0.00 · cvss · epss 0.02

    The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.

Page 2 of 2