Vulnerabilities > Adtran
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-24 | CVE-2024-31970 | Unspecified vulnerability in Adtran SDG Smartos AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. | 8.8 |
| 2024-07-24 | CVE-2024-31971 | Cross-site Scripting vulnerability in Adtran Netvanta 3120 Firmware 18.01.01.00.E Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html. | 4.8 |
| 2024-07-24 | CVE-2024-31977 | OS Command Injection vulnerability in Adtran 834-5 Firmware and SDG Smartos Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility. | 8.8 |
| 2024-07-24 | CVE-2024-39345 | OS Command Injection vulnerability in Adtran SDG Smartos AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. | 7.2 |
| 2022-09-14 | CVE-2022-37661 | Unspecified vulnerability in Adtran Sr506N Firmware and Sr510N Firmware SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature. | 9.8 |
| 2021-04-20 | CVE-2021-25681 | Unspecified vulnerability in Adtran Personal Phone Manager 10.8.1 AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. | 7.5 |
| 2021-04-20 | CVE-2021-25680 | Cross-site Scripting vulnerability in Adtran Personal Phone Manager 10.8.1 The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. | 6.1 |
| 2021-04-20 | CVE-2021-25679 | Cross-site Scripting vulnerability in Adtran Personal Phone Manager 10.8.1 The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. | 5.4 |
| 2019-03-27 | CVE-2018-19648 | Improper Privilege Management vulnerability in Adtran Pmaa 1.6.2/1.6.3 An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. | 8.8 |