Sierrawireless : Security Vulnerabilities, CVEs, (Overflow)
Several versions of
ALEOS, including ALEOS 4.16.0, include an opensource
third-party
component which can be exploited from the local
area network,
resulting in a Denial of Service condition for the captive portal.
Max CVSS
8.3
EPSS Score
0.04%
Published
2023-12-04
Updated
2023-12-08
A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.
Max CVSS
9.0
EPSS Score
0.11%
Published
2020-08-21
Updated
2022-02-09
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9.
Max CVSS
7.2
EPSS Score
0.11%
Published
2020-08-21
Updated
2022-02-09
The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.
Max CVSS
9.8
EPSS Score
0.64%
Published
2022-12-26
Updated
2023-01-06
4 vulnerabilities found