CVE-2015-2897

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0240%

EPSS Percentile32.66th

PublishedAug 8, 2015

Last ModifiedMay 6, 2026

Vulnerability Description

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.

Affected Platforms (CPE)

📦

Sierrawireless

Aleos

<= 4.4.1

References & Advisories

🔗 http://www.kb.cert.org/vuls/id/628568

Related Vulnerabilities

CVE-2016-50659.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.

CVE-2016-50669.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.

CVE-2019-118519.8

The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14....

CVE-2016-50689.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.