Note: This project will be discontinued after December 13, 2021.

Product: Aleos (Sierrawireless)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 29 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-12-04 | CVE-2023-40464 | Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server. | Aleos | 6.8 | ||
2023-12-04 | CVE-2023-40465 | Several versions of ALEOS, including ALEOS 4.16.0, include an open-source third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal. | Aleos | 5.5 | ||
2023-12-25 | CVE-2023-38321 | OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token. | Aleos | 7.5 | ||
2022-12-26 | CVE-2019-11851 | The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow. | Aleos | 9.8 | ||
2020-08-21 | CVE-2019-11852 | An out-of-bounds read vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN. | Aleos | 9.1 | ||
2020-08-21 | CVE-2019-11848 | An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values. | Aleos | 7.2 | ||
2020-08-21 | CVE-2019-11849 | A stack overflow vulnerability exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution. | Aleos | 6.7 | ||
2020-08-21 | CVE-2019-11850 | A stack overflow vulnerability exists in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution. | Aleos | 6.7 | ||
2020-08-21 | CVE-2019-11853 | Several potential command injection vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4. | Aleos | 7.2 | ||
2020-08-21 | CVE-2019-11855 | An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9. | Aleos | 9.8 | ||