Vulnerabilities > CVE-2023-41355 - Improper Verification of Source of a Communication Channel vulnerability in Nokia G-040W-Q Firmware G040Wqr201207

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

nokia

CWE-940

critical

NVD

Published: 2023-11-03

Updated: 2024-10-14

Summary

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking.

Vulnerable Configurations

Part	Description	Count
OS	Nokia Nokia G 040W Q Firmware G040Wqr201207	1
Hardware	Nokia Nokia G 040W Q -	1

Common Weakness Enumeration (CWE)

CWE-940 - Improper Verification of Source of a Communication Channel

References

https://www.twcert.org.tw/tw/cp-132-7505-a0c94-1.html