This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Nokia First view 2019-03-05
Product I-240w-Q Gpon Ont Firmware Last view 2019-03-05
Version 3fe54567bozj19 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:nokia:i-240w-q_gpon_ont_firmware

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2019-03-05 CVE-2019-3922

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetup_Form. An attacker can leverage this vulnerability to potentially execute arbitrary code.

8.8 2019-03-05 CVE-2019-3921

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially execute arbitrary code.

8.8 2019-03-05 CVE-2019-3920

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/.

8.8 2019-03-05 CVE-2019-3919

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/.

9.8 2019-03-05 CVE-2019-3918

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces.

7.5 2019-03-05 CVE-2019-3917

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request.

CWE : Common Weakness Enumeration

%idName
33% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
33% (2) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
16% (1) CWE-798 Use of Hard-coded Credentials
16% (1) CWE-284 Access Control (Authorization) Issues