Researchers Carl Hurd and Jared Rittle said in a blog post that the flaws opened up a variety of attack vectors that could allow attackers to remotely execute code on a victim's machine, change the admin password, and expose user credentials.
Most of the vulnerabilities were present in the Web server included with the ES450; it is known as ACEManager and is used for most interactions with the device, including reconfiguration, user authentication and managing certificates.
Hurd and Rittle said they had tested and verified that the ES450 was vulnerable to all 11 flaws.
Sierra Wireless was contacted and confirmed that the following devices were all affected by one or more of the flaws:
Fresh firmware to fix the flaws is yet to be issued.