Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request (aka Forced Browsing).
sierrawireless
CVE-2019-11847
An improper privilege management vulnerability exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.
CVE-2019-11848
An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.
CVE-2019-11849
A stack overflow vulnerability exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution.
CVE-2019-11850
A stack overflow vulnerability exists in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution.
CVE-2019-11851
The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.