CVE-2023-40460: SWI-PSA-2023-006: Product Security Advisory: ALEOS Security Advisory
The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted.
Sierra Wireless was recently informed of six security vulnerabilities in ALEOS, the operating system used in certain Sierra Wireless AirLink Routers, including the MP70, RV50x, RV55, LX40, LX60, ES450 and GX450. The vulnerabilities are present in ALEOS 4.16 and earlier versions and have been remediated in ALEOS 4.17, released in October 2023. Please see the bulletin for details.
SWI-PSA-2023-006: Product Security Advisory: ALEOS Security Advisory