CVE-2021-30003
https://notcve.org/view.php?id=CVE-2021-30003
An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address. • https://research.0xdutra.com/posts/router-g120w-f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-26596
https://notcve.org/view.php?id=CVE-2021-26596
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used. • https://www.gruppotim.it/redteam https://www.trusted-introducer.org/directory/teams/nokia-psirt.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-26597
https://notcve.org/view.php?id=CVE-2021-26597
An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. • https://www.gruppotim.it/redteam https://www.trusted-introducer.org/directory/teams/nokia-psirt.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2019-17406
https://notcve.org/view.php?id=CVE-2019-17406
Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743. • https://www.nokia.com/networks/solutions/impact-iot-platform https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-17405
https://notcve.org/view.php?id=CVE-2019-17405
Nokia IMPACT < 18A has Reflected self XSS. • https://www.nokia.com/networks/solutions/impact-iot-platform https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')