Sierra Wireless Airlink ES440

CPE Details

Sierra Wireless Airlink ES440
sierrawireless
airlink_es440
-
2020-10-08
11h33 +00:00
2020-10-08
11h33 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:h:sierrawireless:airlink_es440:-:*:*:*:*:*:*:*

Informations

Vendor

sierrawireless

Product

airlink_es440

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-8782 2020-10-06 13h54 +00:00 Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
9.8
Critical
CVE-2020-8781 2020-10-06 11h50 +00:00 Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.
7.8
High
CVE-2019-11862 2020-08-21 18h53 +00:00 The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.
8.4
High
CVE-2019-11858 2020-08-21 18h52 +00:00 Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9.
7.2
High
CVE-2019-11859 2020-08-21 18h51 +00:00 A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.
8.8
High
CVE-2019-11857 2020-08-21 18h50 +00:00 Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.
9.1
Critical
CVE-2019-11856 2020-08-21 18h49 +00:00 A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
3.8
Low
CVE-2019-11855 2020-08-21 18h47 +00:00 An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.
9.8
Critical
CVE-2019-11852 2020-08-21 18h45 +00:00 An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN.
9.1
Critical
CVE-2019-11848 2020-08-21 18h44 +00:00 An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.
7.2
High
CVE-2019-11847 2020-08-21 18h40 +00:00 An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.
7.8
High
CVE-2015-2897 2015-08-07 23h00 +00:00 Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.
10
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.