CVE-2015-2897
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
08/08/2015
Last modified:
12/04/2025
Description
Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sierrawireless:aleos:*:*:*:*:*:*:*:* | 4.4.1 (including) | |
| cpe:2.3:h:sierrawireless:airlink_es440:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_es450:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_gx440:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_gx450:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:airlink_ls300:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page