Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Aleos
(Sierrawireless)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 29 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-10-06 | CVE-2020-8782 | Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. | Aleos | 9.8 | ||
| 2020-10-06 | CVE-2020-8781 | Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process. | Aleos | 7.8 | ||
| 2023-02-10 | CVE-2022-46649 | Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device. | Aleos | 8.8 | ||
| 2023-02-10 | CVE-2022-46650 | Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. | Aleos | 4.9 | ||
| 2023-11-29 | CVE-2023-40458 | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service (DoS) condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device. | Aleos | 7.5 | ||
| 2023-12-04 | CVE-2023-40459 | The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. | Aleos | 7.5 | ||
| 2023-12-04 | CVE-2023-40460 | The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted. | Aleos | 5.4 | ||
| 2023-12-04 | CVE-2023-40461 | The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition. | Aleos | 4.8 | ||
| 2023-12-04 | CVE-2023-40462 | The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. | Debian_linux, Aleos | 7.5 | ||
| 2023-12-04 | CVE-2023-40463 | When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access. | Aleos | 7.2 |