Known Vulnerabilities for products from Sierrawireless
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Sierrawireless".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Sierrawireless can be found at device.report : Sierrawireless
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-11101 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-12-26 | 2023-01-05 |
| CVE-2020-8948 | The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrit... | 7.8 - HIGH | 2020-04-15 | 2021-07-21 |
| CVE-2020-8782 | Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. | 9.8 - CRITICAL | 2020-10-06 | 2022-02-09 |
| CVE-2020-8781 | Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privileg... | 7.8 - HIGH | 2020-10-06 | 2022-02-09 |
| CVE-2019-13988 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-12-26 | 2023-01-05 |
| CVE-2019-11862 | The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying. | 8.4 - HIGH | 2020-08-21 | 2021-07-21 |
| CVE-2019-11859 | A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root. | 8.8 - HIGH | 2020-08-21 | 2022-02-09 |
| CVE-2019-11858 | Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9. | 7.2 - HIGH | 2020-08-21 | 2022-02-09 |
| CVE-2019-11857 | Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system inform... | 4.9 - MEDIUM | 2020-08-21 | 2022-02-09 |
| CVE-2019-11856 | A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. C... | 3.8 - LOW | 2020-08-21 | 2022-02-09 |
| CVE-2019-11855 | An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9. | 9.8 - CRITICAL | 2020-08-21 | 2022-02-09 |
| CVE-2019-11853 | Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4. | 7.2 - HIGH | 2020-08-21 | 2022-02-09 |
| CVE-2019-11852 | An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive inform... | 9.1 - CRITICAL | 2020-08-21 | 2022-02-09 |
| CVE-2019-11851 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-12-26 | 2023-01-06 |
| CVE-2019-11850 | A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code ex... | 6.7 - MEDIUM | 2020-08-21 | 2022-02-09 |
| CVE-2019-11849 | A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execut... | 6.7 - MEDIUM | 2020-08-21 | 2022-02-09 |
| CVE-2019-11848 | An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking w... | 7.2 - HIGH | 2020-08-21 | 2022-02-09 |
| CVE-2019-11847 | An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can esc... | 7.8 - HIGH | 2020-08-21 | 2020-10-19 |
| CVE-2018-10251 | A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450... | 9.8 - CRITICAL | 2018-05-04 | 2019-10-03 |
| CVE-2018-4073 | An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra W... | 8.8 - HIGH | 2019-05-06 | 2019-10-03 |
Known software with vulnerabilities from Sierrawireless
| Type | Vendor | Product | Version |
|---|---|---|---|
| Hardware | Sierrawireless | Airlink Es440 | - |
| Hardware | Sierrawireless | Airlink Es450 | - |
| Operating System | Sierrawireless | Airlink Es450 Firmware | 4.9.3 |
| Hardware | Sierrawireless | Airlink Gx400 | - |
| Hardware | Sierrawireless | Airlink Gx440 | - |
| Hardware | Sierrawireless | Airlink Gx450 | - |
| Hardware | Sierrawireless | Airlink Ls300 | - |
| Hardware | Sierrawireless | Airlink Lx40 | - |
| Hardware | Sierrawireless | Airlink Lx60 | - |
| Hardware | Sierrawireless | Airlink Mg90 | - |
| Hardware | Sierrawireless | Airlink Mp Atampt | - |
| Hardware | Sierrawireless | Airlink Mp Atampt Wifi | - |
| Hardware | Sierrawireless | Airlink Mp Bell | - |
| Hardware | Sierrawireless | Airlink Mp Bell Wifi | - |
| Hardware | Sierrawireless | Airlink Mp Row | - |
| Hardware | Sierrawireless | Airlink Mp Row Wifi | - |
| Hardware | Sierrawireless | Airlink Mp Sprint | - |
| Hardware | Sierrawireless | Airlink Mp Sprint Wifi | - |
| Hardware | Sierrawireless | Airlink Mp Telus | - |
| Hardware | Sierrawireless | Airlink Mp Telus Wifi | - |