Author: Cyberthreat Blog

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.

Netikus EventSentry before 3.2.1.44 has XSS via SNMP.

Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.

Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.