← Back

Aleos Firmware

aleos_firmware

Vendor: Sierrawireless • 7 CVEs

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2016-5071
1Sierrawireless
1Aleos Firmware
May 13, 2026
Apr 10, 2017
N/A· v4
8.8 HIGH· v3
10.0 HIGH· v2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
CVE-2016-5070
1Sierrawireless
1Aleos Firmware
May 13, 2026
Apr 10, 2017
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
CVE-2016-5069
1Sierrawireless
1Aleos Firmware
May 13, 2026
Apr 10, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.
CVE-2016-5068
1Sierrawireless
1Aleos Firmware
May 13, 2026
Apr 10, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.
CVE-2016-5067
1Sierrawireless
1Aleos Firmware
May 13, 2026
Apr 10, 2017
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
CVE-2016-5066
1Sierrawireless
1Aleos Firmware
May 13, 2026
Apr 10, 2017
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
CVE-2016-5065
1Sierrawireless
1Aleos Firmware
May 13, 2026
Apr 10, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.