CVE-2015-2897

Published: Aug 8, 2015Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.

Affected (1)

Products: Sierrawireless: Aleos

Sierrawireless

1 product

Aleos

Configuration A

1 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Sierrawireless Aleos	Up to 4.4.1

Running on/with	Platform Versions
Sierrawireless Airlink Es440	All versions
Sierrawireless Airlink Es450	All versions
Sierrawireless Airlink Gx440	All versions
Sierrawireless Airlink Gx450	All versions
Sierrawireless Airlink Ls300	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://www.kb.cert.org/vuls/id/628568

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/628568

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.