Product:

Aleos

(Sierrawireless)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 29
Date Id Summary Products Score Patch Annotated
2023-12-04 CVE-2023-40462 The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. Debian_linux, Aleos 7.5
2023-12-25 CVE-2023-38321 OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token. Aleos 7.5
2023-12-04 CVE-2023-40459 The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. Aleos 7.5
2023-12-04 CVE-2023-40460 The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted. Aleos 5.4
2023-12-04 CVE-2023-40461 The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition. Aleos 4.8
2023-12-04 CVE-2023-40463 When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access. Aleos 7.2
2023-12-04 CVE-2023-40464 Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server. Aleos 6.8
2023-12-04 CVE-2023-40465 Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal. Aleos 5.5
2023-11-29 CVE-2023-40458 Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service (DoS) condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device. Aleos 7.5