← Back

Sierrawireless

sierrawireless

56 CVEs • 67 products

Products (67)

Click to collapse
Toggle
Aleos
aleos
30 CVEs
Airlink Es450 Firmware
airlink_es450_firmware
12 CVEs
Aleos Firmware
aleos_firmware
7 CVEs
Raven X Ev Do Firmware
raven_x_ev-do_firmware
2 CVEs
Airlink Mp At&t
airlink_mp_at&t
2 CVEs
Airlink Mp At&t Wifi
airlink_mp_at&t_wifi
2 CVEs
Airlink Mp Bell
airlink_mp_bell
2 CVEs
Airlink Mp Bell Wifi
airlink_mp_bell_wifi
2 CVEs
Airlink Mp Row
airlink_mp_row
2 CVEs
Airlink Mp Row Wifi
airlink_mp_row_wifi
2 CVEs
Airlink Mp Sprint
airlink_mp_sprint
2 CVEs
Airlink Mp Sprint Wifi
airlink_mp_sprint_wifi
2 CVEs
Airlink Mp Telus
airlink_mp_telus
2 CVEs
Airlink Mp Telus Wifi
airlink_mp_telus_wifi
2 CVEs
Airlink Mp Verizon
airlink_mp_verizon
2 CVEs
Airlink Mp Verizon Wifi
airlink_mp_verizon_wifi
2 CVEs
Pinpoint X
pinpoint_x
2 CVEs
Pinpoint Xt
pinpoint_xt
2 CVEs
Raven X
raven_x
2 CVEs
Raven X Ev Do
raven_x_ev-do
2 CVEs
Raven Xe
raven_xe
2 CVEs
Raven Xt
raven_xt
2 CVEs
Sierra Wireless Em7345 Software
sierra_wireless_em7345_software
1 CVE
Sierra Wireless Em7455 Software
sierra_wireless_em7455_software
1 CVE
Sierra Wireless Location Sensor Driver
sierra_wireless_location_sensor_driver
1 CVE
Gx440 Firmware
gx440_firmware
1 CVE
Es440 Firmware
es440_firmware
1 CVE
Ls300 Firmware
ls300_firmware
1 CVE
Gx400 Firmware
gx400_firmware
1 CVE
Es450 Firmware
es450_firmware
1 CVE
Rv50 Firmware
rv50_firmware
1 CVE
Rv50x Firmware
rv50x_firmware
1 CVE
Mp70 Firmware
mp70_firmware
1 CVE
Mp70e Firmware
mp70e_firmware
1 CVE
Gx450 Firmware
gx450_firmware
1 CVE
Mobile Broadband Driver Package
mobile_broadband_driver_package
1 CVE
Airlink Mobility Manager
airlink_mobility_manager
1 CVE
Mgos
mgos
1 CVE
Airlink Es440
airlink_es440
0 CVEs
Airlink Es450
airlink_es450
0 CVEs
Airlink Gx440
airlink_gx440
0 CVEs
Airlink Gx450
airlink_gx450
0 CVEs
Airlink Ls300
airlink_ls300
0 CVEs
Es440
es440
0 CVEs
Es450
es450
0 CVEs
Gx400
gx400
0 CVEs
Gx440
gx440
0 CVEs
Gx450
gx450
0 CVEs
Ls300
ls300
0 CVEs
Gx 440
gx_440
0 CVEs
Rv50
rv50
0 CVEs
Rv50x
rv50x
0 CVEs
Mp70
mp70
0 CVEs
Mp70e
mp70e
0 CVEs
Airlink Gx400
airlink_gx400
0 CVEs
Airlink Lx40
airlink_lx40
0 CVEs
Airlink Lx60
airlink_lx60
0 CVEs
Airlink Mp70
airlink_mp70
0 CVEs
Airlink Mp70e
airlink_mp70e
0 CVEs
Airlink Rv50
airlink_rv50
0 CVEs
Airlink Rv50x
airlink_rv50x
0 CVEs
Airlink Rv55
airlink_rv55
0 CVEs
Airlink Mg90
airlink_mg90
0 CVEs
Airlink Omg2000
airlink_omg2000
0 CVEs
Lx40
lx40
0 CVEs
Lx60
lx60
0 CVEs
Rv55
rv55
0 CVEs

CVEs (56)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-4068
1Sierrawireless
1Airlink Es450 Firmware
Nov 21, 2024
May 6, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A HTTP request can result in disclosure of the default configuration for the device. A...Show more
An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this vulnerability.Show less
CVE-2018-4061
1Sierrawireless
1Airlink Es450 Firmware
Nov 21, 2024
May 6, 2019
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in...Show more
An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2018-10251
1Sierrawireless
1Aleos
Nov 21, 2024
May 4, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticate...Show more
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.Show less
CVE-2017-15043
1Sierrawireless
10Es440 Firmware
Es450 FirmwareGx400 Firmware+7 more
Nov 21, 2024
May 4, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated re...Show more
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.Show less
CVE-2017-9247
1Sierrawireless
3Sierra Wireless Em7345 Software
Sierra Wireless Em7455 SoftwareSierra Wireless Location Sensor Driver
May 13, 2026
Aug 2, 2017
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges.
CVE-2016-5071
1Sierrawireless
1Aleos Firmware
May 13, 2026
Apr 10, 2017
N/A· v4
8.8 HIGH· v3
10.0 HIGH· v2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
CVE-2016-5070
1Sierrawireless
1Aleos Firmware
May 13, 2026
Apr 10, 2017
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
CVE-2016-5069
1Sierrawireless
1Aleos Firmware
May 13, 2026
Apr 10, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.
CVE-2016-5068
1Sierrawireless
1Aleos Firmware
May 13, 2026
Apr 10, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.
CVE-2016-5067
1Sierrawireless
1Aleos Firmware
May 13, 2026
Apr 10, 2017
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
CVE-2016-5066
1Sierrawireless
1Aleos Firmware
May 13, 2026
Apr 10, 2017
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
CVE-2016-5065
1Sierrawireless
1Aleos Firmware
May 13, 2026
Apr 10, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.
CVE-2015-6479
1Sierrawireless
1Aleos
May 6, 2026
Apr 21, 2016
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boo...Show more
ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors.Show less
CVE-2015-2897
1Sierrawireless
1Aleos
May 6, 2026
Aug 8, 2015
N/A· v4
N/A· v3
10.0 HIGH· v2
Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.
CVE-2013-2820
1Sierrawireless
19Airlink Mp At&t
Airlink Mp At&t WifiAirlink Mp Bell+16 more
Apr 29, 2026
Jan 15, 2014
N/A· v4
N/A· v3
10.0 HIGH· v2
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.
CVE-2013-2819
1Sierrawireless
19Airlink Mp At&t
Airlink Mp At&t WifiAirlink Mp Bell+16 more
Apr 29, 2026
Jan 15, 2014
N/A· v4
N/A· v3
9.3 HIGH· v2
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramm...Show more
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.Show less