CyberSec.Space Logo
Back to CVE Browser

CVE-2019-11851

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1000%
EPSS Percentile39.46th
PublishedDec 26, 2022
Last ModifiedApr 16, 2025

Vulnerability Description

The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.

Affected Platforms (CPE)

πŸ’»
Sierrawireless

Aleos

>= 4.10.0 and < 4.14.0
πŸ’»
Sierrawireless

Aleos

>= 4.5.0 and < 4.9.5
πŸ’»
Sierrawireless

Aleos

< 4.4.9

References & Advisories

πŸ”— http://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2021-001.ashx
πŸ”— https://www.sierrawireless.com/company/security/
πŸ”— http://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2021-001.ashx
πŸ”— https://www.sierrawireless.com/company/security/

Related Vulnerabilities

CVE-2015-289710.0

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote...

CVE-2016-50669.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.

CVE-2016-50659.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.

CVE-2016-50689.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.