PT-2016-3199 · Sierra Wireless · Aleos+1

Published: 2016-09-06 · Updated: 2017-04-14 · CVE-2016-5066

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Sierra Wireless AirLink GX 440 versions with ALEOS firmware 4.3.2

Description

The issue is related to the use of predefined credentials in the ALEOS firmware of the Sierra Wireless AirLink GX 440 wireless modem. An attacker can exploit this to gain access to the system with the rights of one of the users: admin, rauser, sconsole, or user by recovering the corresponding passwords. The passwords for these users are weak, specifically: admin with password 2222, and rauser, sconsole, and user with password 12345.

Recommendations

For Sierra Wireless AirLink GX 440 devices with ALEOS firmware 4.3.2, consider changing the default passwords for the admin, rauser, sconsole, and user accounts to stronger, unique passwords to prevent unauthorized access. As a temporary workaround, restrict access to the device until the passwords can be changed.


Weakness Enumeration

Related Identifiers

BDU:2017-02463
CVE-2016-5066

Affected Products

Aleos
Sierra Wireless Airlink Es440