Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HSierrawireless Airlink Es440
HWSierrawirelesswszystkie wersjeSierrawireless Airlink Es450
HWSierrawirelesswszystkie wersjeSierrawireless Airlink Gx400
HWSierrawirelesswszystkie wersjeSierrawireless Airlink Gx440
HWSierrawirelesswszystkie wersjeSierrawireless Airlink Gx450
HWSierrawirelesswszystkie wersjeSierrawireless Airlink Ls300
HWSierrawirelesswszystkie wersjeSierrawireless Airlink Lx40
HWSierrawirelesswszystkie wersjeSierrawireless Airlink Lx60
HWSierrawirelesswszystkie wersjeSierrawireless Airlink Mp70
HWSierrawirelesswszystkie wersjeSierrawireless Airlink Mp70e
HWSierrawirelesswszystkie wersjeSierrawireless Airlink Rv50
HWSierrawirelesswszystkie wersjeSierrawireless Airlink Rv50x
HWSierrawirelesswszystkie wersjeSierrawireless Aleos
OSSierrawireless≤ 4.9.4< 4.12.0≤ 4.4.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2019-11851CRITICAL9.8ten sam produkt
The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through...
CVE-2018-10251CRITICAL9.8ten sam produkt
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 a...
CVE-2018-4063HIGH8.8⚠ KEVten sam produkt
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless A...
CVE-2023-38321HIGH7.5ten sam produkt
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to caus...
CVE-2023-40459HIGH7.5ten sam produkt
The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization dur...