Filtered by vendor Nokia
Subscriptions
Total
113 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39818 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-01-03 | 8.8 High |
| In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system. | ||||
| CVE-2022-39820 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-01-03 | 6.5 Medium |
| In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements. | ||||
| CVE-2022-39822 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-01-03 | 8.8 High |
| In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation. | ||||
| CVE-2022-41760 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-01-03 | 6.5 Medium |
| An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files. | ||||
| CVE-2022-41761 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-01-03 | 6.5 Medium |
| An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files. | ||||
| CVE-2022-41762 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-01-03 | 6.1 Medium |
| An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl. | ||||
| CVE-2022-43675 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-01-03 | 6.1 Medium |
| An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters. | ||||
| CVE-2023-41355 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2023-11-13 | 9.8 Critical |
| Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking. | ||||
| CVE-2023-41354 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2023-11-13 | 3.3 Low |
| Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, resulting in partially sensitive information exposed to an actor. | ||||
| CVE-2023-41353 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2023-11-13 | 8.8 High |
| Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service. | ||||
| CVE-2023-41352 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2023-11-13 | 7.2 High |
| Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | ||||
| CVE-2023-41351 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2023-11-13 | 9.8 Critical |
| Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service. | ||||
| CVE-2023-41350 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2023-11-13 | 9.8 Critical |
| Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks. | ||||
| CVE-2022-30903 | 1 Nokia | 2 G-2425g-a, G-2425g-a Firmware | 2023-11-07 | 4.8 Medium |
| Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. | ||||
| CVE-2022-2484 | 1 Nokia | 2 Asik Airscale 474021a.101, Asik Airscale 474021a.101 Firmware | 2023-11-07 | 7.8 High |
| The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs. | ||||
| CVE-2022-2483 | 1 Nokia | 4 Asik Airscale 474021a.101, Asik Airscale 474021a.101 Firmware, Asik Airscale 474021a.102 and 1 more | 2023-11-07 | 7.1 High |
| The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device. | ||||
| CVE-2022-2482 | 1 Nokia | 4 Asik Airscale 474021a.101, Asik Airscale 474021a.101 Firmware, Asik Airscale 474021a.102 and 1 more | 2023-11-07 | 8.8 High |
| A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader. | ||||
| CVE-2005-2277 | 1 Nokia | 1 Affix | 2023-11-07 | N/A |
| Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command. | ||||
| CVE-2023-22618 | 1 Nokia | 12 Wavelite Metro 200 And F2b Fans, Wavelite Metro 200 And F2b Fans Firmware, Wavelite Metro 200 And Fan and 9 more | 2023-10-06 | 7.8 High |
| If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans. | ||||
| CVE-2022-41763 | 1 Nokia | 1 Access Management System | 2023-09-08 | 8.8 High |
| An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service. | ||||