Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Aleos
(Sierrawireless)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 29 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-02-10 | CVE-2022-46649 | Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device. | Aleos | 8.8 | ||
| 2022-12-26 | CVE-2019-11851 | The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow. | Aleos | 9.8 | ||
| 2020-08-21 | CVE-2019-11852 | An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN. | Aleos | 9.1 | ||
| 2020-10-06 | CVE-2020-8782 | Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. | Aleos | 9.8 | ||
| 2020-08-21 | CVE-2019-11848 | An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values. | Aleos | 7.2 | ||
| 2020-08-21 | CVE-2019-11849 | A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution. | Aleos | 6.7 | ||
| 2020-08-21 | CVE-2019-11850 | A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution | Aleos | 6.7 | ||
| 2020-08-21 | CVE-2019-11853 | Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4. | Aleos | 7.2 | ||
| 2020-08-21 | CVE-2019-11855 | An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9. | Aleos | 9.8 | ||
| 2020-08-21 | CVE-2019-11856 | A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials. | Aleos | 3.8 |