CVE-2023-40460
Improper input leads to DoS
The ACEManager
component of ALEOS 4.16 and earlier does not
validate uploaded
file names and types, which could potentially allow
an authenticated
user to perform client-side script execution within
ACEManager, altering
the device functionality until the device is
restarted.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Produtos afetados
SierraWireless · ALEOSQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →