Headline
CVE-2023-40465: SWI-PSA-2023-006: Product Security Advisory: ALEOS Security Advisory
Several versions of ALEOS, including ALEOS 4.16.0, include an opensource
third-party component which can be exploited from the local
area network, resulting in a Denial of Service condition for the captive portal.
Sierra Wireless was recently informed of six security vulnerabilities in ALEOS, the operating system used in certain Sierra Wireless AirLink Routers, including the MP70, RV50x, RV55, LX40, LX60, ES450 and GX450. The vulnerabilities are present in ALEOS 4.16 and earlier versions and have been remediated in ALEOS 4.17 released in October 2023. Please see the bulletin for details.
SWI-PSA-2023-006: Product Security Advisory: ALEOS Security Advisory