CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-11851

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1000%
EPSS Percentile39.46th
Published2022年12月26日
Last Modified2025年4月16日

Vulnerability Description

The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.

Affected Platforms (CPE)

💻
Sierrawireless

Aleos

>= 4.10.0 and < 4.14.0
💻
Sierrawireless

Aleos

>= 4.5.0 and < 4.9.5
💻
Sierrawireless

Aleos

< 4.4.9

References & Advisories

🔗 http://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2021-001.ashx
🔗 https://www.sierrawireless.com/company/security/
🔗 http://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2021-001.ashx
🔗 https://www.sierrawireless.com/company/security/

相關漏洞威脅

CVE-2015-289710.0

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote...

CVE-2016-50669.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.

CVE-2016-50659.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.

CVE-2016-50689.8

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.