Show filters
56 Total Results
Displaying 11-20 of 56
Sort by:
Attacker Value
Unknown

CVE-2022-46649

Disclosure Date: February 10, 2023 (last updated October 08, 2023)
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-11851

Disclosure Date: December 26, 2022 (last updated October 08, 2023)
The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-13988

Disclosure Date: December 26, 2022 (last updated October 08, 2023)
Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request (aka Forced Browsing).
Attack Vector: Adjacent NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-11101

Disclosure Date: December 26, 2022 (last updated October 08, 2023)
Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-8781

Disclosure Date: October 06, 2020 (last updated November 28, 2024)
Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-8782

Disclosure Date: September 17, 2020 (last updated November 28, 2024)
Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-11855

Disclosure Date: August 21, 2020 (last updated November 28, 2024)
An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-11850

Disclosure Date: August 21, 2020 (last updated February 22, 2025)
A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution
Attack Vector: LocalPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-11858

Disclosure Date: August 21, 2020 (last updated February 22, 2025)
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-11862

Disclosure Date: August 21, 2020 (last updated November 28, 2024)
The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.
Attack Vector: LocalPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous  Next >