Sierra Wireless Airlink GX450

CPE Details

Sierra Wireless Airlink GX450
sierrawireless
airlink_gx450
-
2020-10-08
11h33 +00:00
2020-10-08
11h33 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:h:sierrawireless:airlink_gx450:-:*:*:*:*:*:*:*

Informations

Vendor

sierrawireless

Product

airlink_gx450

Version

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-8782 2020-10-06 13h54 +00:00 Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
9.8
Critique
CVE-2020-8781 2020-10-06 11h50 +00:00 Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.
7.8
Haute
CVE-2019-11862 2020-08-21 18h53 +00:00 The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.
8.4
Haute
CVE-2019-11858 2020-08-21 18h52 +00:00 Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9.
7.2
Haute
CVE-2019-11853 2020-08-21 18h52 +00:00 Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4.
7.2
Haute
CVE-2019-11859 2020-08-21 18h51 +00:00 A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.
8.8
Haute
CVE-2019-11857 2020-08-21 18h50 +00:00 Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.
9.1
Critique
CVE-2019-11856 2020-08-21 18h49 +00:00 A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
3.8
Bas
CVE-2019-11855 2020-08-21 18h47 +00:00 An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.
9.8
Critique
CVE-2019-11852 2020-08-21 18h45 +00:00 An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN.
9.1
Critique
CVE-2019-11848 2020-08-21 18h44 +00:00 An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.
7.2
Haute
CVE-2019-11847 2020-08-21 18h40 +00:00 An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.
7.8
Haute
CVE-2015-2897 2015-08-07 23h00 +00:00 Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.
10
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.