Sierrawireless Aleos Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Sierrawireless Aleos Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2016-5068 — CVSS 9.8 (critical): Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.
CVE-2016-5066 — CVSS 9.8 (critical): Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
CVE-2016-5069 — CVSS 9.8 (critical): Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.