Vulnerability Description
An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.
CVSS Score
4.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sierrawireless | Aleos | < 4.13.0 |
| Sierrawireless | Airlink Lx40 | - |
| Sierrawireless | Airlink Lx60 | - |
| Sierrawireless | Airlink Mp70 | - |
| Sierrawireless | Airlink Mp70E | - |
| Sierrawireless | Airlink Rv50 | - |
| Sierrawireless | Airlink Rv50X | - |
| Sierrawireless | Airlink Es450 | - |
| Sierrawireless | Airlink Gx450 | - |
| Sierrawireless | Airlink Es440 | - |
| Sierrawireless | Airlink Gx400 | - |
| Sierrawireless | Airlink Gx440 | - |
| Sierrawireless | Airlink Ls300 | - |
Related Weaknesses (CWE)
References
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-t (Vendor Advisory)
FAQ
What is CVE-2019-11848?
CVE-2019-11848 is a vulnerability with a CVSS score of 4.1 (MEDIUM). An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.
How severe is CVE-2019-11848?
CVE-2019-11848 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-11848?
Check the references section above for vendor advisories and patch information. Affected products include: Sierrawireless Aleos, Sierrawireless Airlink Lx40, Sierrawireless Airlink Lx60, Sierrawireless Airlink Mp70, Sierrawireless Airlink Mp70E.