CyberSec.Space Logo
CVEブラウザに戻る

CVE-2016-5068

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0890%
EPSS Percentile27.79th
Published2017年4月10日
Last Modified2026年5月13日

Vulnerability Description

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.

Affected Platforms (CPE)

💻
Sierrawireless

Aleos Firmware

= 4.3.2

References & Advisories

🔗 https://carvesystems.com/sierra-wireless-2016-advisory.html
🔗 https://carvesystems.com/sierra-wireless-2016-advisory.html

関連する脆弱性情報

CVE-2016-50659.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.

CVE-2016-50669.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.

CVE-2016-50699.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.

CVE-2016-50709.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.