OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HSierrawireless Aleos
OSSierrawireless< 4.17.0.12Sierrawireless Lx40
HWSierrawirelesswszystkie wersjeSierrawireless Lx60
HWSierrawirelesswszystkie wersjeSierrawireless Mp70
HWSierrawirelesswszystkie wersjeSierrawireless Rv50x
HWSierrawirelesswszystkie wersjeSierrawireless Rv55
HWSierrawirelesswszystkie wersje
Related vulnerabilities
The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through...
Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitiv...
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 a...
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless A...
The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization dur...