CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17404
https://notcve.org/view.php?id=CVE-2019-17404
Nokia IMPACT < 18A: allows full path disclosure Nokia IMPACT versiones anteriores a 18A: permite una divulgación de ruta completa. • https://www.nokia.com/networks/solutions/impact-iot-platform https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2019-17403
https://notcve.org/view.php?id=CVE-2019-17403
Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. Nokia IMPACT versiones anteriores a 18A: Se encontró una vulnerabilidad de carga de archivos sin restricciones que puede conllevar a una ejecución de código remota. • https://www.nokia.com/networks/solutions/impact-iot-platform https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 2CVE-2019-3921 – Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
https://notcve.org/view.php?id=CVE-2019-3921
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially execute arbitrary code. Alcatel Lucent I-240W-Q GPON ONT, con firmware en su versión 3FE54567BOZJ19, es vulnerable a un desbordamiento de búfer basado en pila mediante una petición HTTP POST enviada por un atacante autenticado remoto a /GponForm/usb_Form?script/. • https://www.exploit-db.com/exploits/46469 https://www.tenable.com/security/research/tra-2019-09 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-3919
https://notcve.org/view.php?id=CVE-2019-3919
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/. Alcatel Lucent I-240W-Q GPON ONT, con firmware en su versión 3FE54567BOZJ19, es vulnerable a una inyección de comandos mediante una petición HTTP enviada por un atacante autenticado remoto a /GponForm/usb_restore_Form?script/. • https://www.tenable.com/security/research/tra-2019-09 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-3922
https://notcve.org/view.php?id=CVE-2019-3922
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetup_Form. An attacker can leverage this vulnerability to potentially execute arbitrary code. Alcatel Lucent I-240W-Q GPON ONT, con firmware en su versión 3FE54567BOZJ19, es vulnerable a un desbordamiento de búfer basado en pila mediante una petición HTTP POST enviada por un atacante autenticado remoto a /GponForm/fsetup_Form. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código arbitrario. • https://www.tenable.com/security/research/tra-2019-09 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •