RSS   Vulnerabilities for 'Aleos firmware'   RSS

2017-04-09
 
CVE-2016-5071

 

 
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.

 
 
CVE-2016-5070

 

 
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.

 
 
CVE-2016-5069

 

 
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.

 
 
CVE-2016-5068

 

 
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.

 
 
CVE-2016-5067

 

 
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.

 
 
CVE-2016-5066

 

 
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.

 
 
CVE-2016-5065

 

 
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.

 

 >>> Vendor: Sierrawireless 21 Products
Airlink mp at&t
Airlink mp at&t wifi
Airlink mp bell
Airlink mp bell wifi
Airlink mp row
Airlink mp row wifi
Airlink mp sprint
Airlink mp sprint wifi
Airlink mp telus
Airlink mp telus wifi
Airlink mp verizon
Airlink mp verizon wifi
Pinpoint x
Pinpoint xt
Raven x
Raven x ev-do
Raven xe
Raven xt
Raven x ev-do firmware
Aleos
Aleos firmware


Copyright 2017, cxsecurity.com