CVE-2015-2897

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0240%

EPSS Percentile32.66th

Published2015年8月8日

Last Modified2026年5月6日

Vulnerability Description

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.

Affected Platforms (CPE)

📦

Sierrawireless

Aleos

<= 4.4.1

References & Advisories

🔗 http://www.kb.cert.org/vuls/id/628568

関連する脆弱性情報

CVE-2016-50659.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.

CVE-2016-50669.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.

CVE-2019-118519.8

The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14....

CVE-2016-50689.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.