Weak Password Vulnerability in Sierra Wireless GX 440 Devices
CVE-2016-5066

9.8CRITICAL

Key Information:

Vendor: Sierrawireless
Status: Sierra Wireless Gx 440 Devices With Aleos Firmware 4.3.2
Vendor: CVE Published:; 10 April 2017

🔔 Create Sierrawireless Vulnerability Alert

What is CVE-2016-5066?

The Sierra Wireless GX 440 device, operating on ALEOS firmware version 4.3.2, is susceptible to unauthorized access due to the use of weak passwords for several critical accounts, including admin, rauser, sconsole, and user accounts. This vulnerability poses significant security risks, enabling potential attackers to gain control over the device and its network functionalities. Ensuring strong, complex passwords is essential to mitigate these risks and enhance overall device security.

Affected Version(s)

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2

References

https://carvesystems.com/sierra-wireless-2016-advisory.html

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2017
Vulnerability Reserved
May 26, 2016