Sierra Wireless AirLink with ALEOS firmware

RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution to take full control of the device, steal credentials through a cross site scripting attack, or crash the device being accessed through a denial-of-service attack.
Loop with Unreachable Exit Condition vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial-of-Service condition for ACEManager without impairing other router functions.
CVE-2023-40458 has been assigned to this vulnerability.
The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial-of-Service condition for ACEManager without impairing other router functions.
ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.
CVE-2023-40459 has been assigned to this vulnerability.
The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted.
CVE-2023-40460 has been assigned to this vulnerability.
The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition.
CVE-2023-40461 has been assigned to this vulnerability.
The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial-of-Service condition for ACEManager without impairing other router functions.
CVE-2023-40462 has been assigned to this vulnerability.
When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access.
CVE-2023-40463 has been assigned to this vulnerability.
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key.
An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server.
CVE-2023-40464 has been assigned to this vulnerability.
3.4 RESEARCHER. Daniel dos Santos and Stanislav Dashevskyi of Forescout Technologies reported these vulnerabilities to CISA. 4.
When remote access is required, use more secure methods, such as Virtual Private Networks, recognizing VPNs may have vulnerabilities and should be updated to the most current version available.
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

This Cyber News was published on www.cisa.gov. Publication date: Thu, 07 Dec 2023 17:00:27 +0000

Cyber News related to Sierra Wireless AirLink with ALEOS firmware

CVE-2022-40966 - Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, ...
2 years ago

Sierra Wireless AirLink with ALEOS firmware - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution to take full control of the device, steal credentials through a cross site scripting attack, or crash the device being accessed ...
1 year ago Cisa.gov CVE-2023-40458 CVE-2023-40459 CVE-2023-40460 CVE-2023-40461 CVE-2023-40462 CVE-2023-40463 CVE-2023-40464

"Sierra:21" vulnerabilities impact critical infrastructure routers - A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. The flaws ...
1 year ago Bleepingcomputer.com

CVE-2022-39044 - Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 ...
2 years ago

21 Vulnerabilities in Sierra Wireless Routers Could Expose Critical Infrastructure to Attacks - Some Sierra Wireless cellular routers are affected by 21 vulnerabilities, including ones that could pose a significant risk to impacted organizations, including in critical infrastructure sectors, according to network security and risk management ...
1 year ago Securityweek.com

CVE-2018-0688 - Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, ...
6 years ago

CVE-2018-0689 - HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September ...
6 years ago

Wireless Visibility: The MUST for Zero Trust - Without addressing the wireless problem, our Zero Trust posture is incomplete. Wireless devices number in the tens of billions worldwide, and their presence continues to grow. All of these devices have the potential to connect to our networks in some ...
1 year ago Cybersecurity-insiders.com

CVE-2019-5995 - Missing authorization vulnerability exists in EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version ...
4 years ago

CVE-2019-6001 - Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware ...
5 years ago

CVE-2019-5994 - Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware ...
5 years ago

CVE-2019-5999 - Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware ...
4 years ago

CVE-2019-6000 - Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware ...
4 years ago

CVE-2019-5998 - Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware ...
4 years ago

CVE-2021-20716 - Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, ...
4 years ago

Exploring EMBA: Unraveling Firmware Security with Confidence - Firmware security analysis is a critical aspect of modern cybersecurity. In this article, we delve into EMBA, a powerful open-source firmware security analysis tool. We'll explore its history, compare it to similar software projects, list its useful ...
1 year ago Securityboulevard.com

Wireless Network Security: Safeguarding Your Digital Haven - As the ubiquity of wireless networks grows, so does the need for proper security measures to protect home networks from malicious attacks. Ensuring secure connections and maintaining a safe online environment requires a comprehensive understanding of ...
1 year ago Securityzap.com

CVE-2021-3512 - Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware ...
2 years ago

CVE-2021-3511 - Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware ...
2 years ago

CVE-2022-49235 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago

CVE-2022-30426 - There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow ...
2 years ago

CVE-2025-21910 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago

CVE-2019-5985 - Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, ...
5 years ago

CVE-2019-5986 - Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, ...
5 years ago