Vulnerabilities > Adtran

DATE CVE VULNERABILITY TITLE RISK
2024-07-24 CVE-2024-31970 Unspecified vulnerability in Adtran SDG Smartos
AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet.
network
low complexity
adtran
8.8
2024-07-24 CVE-2024-31971 Cross-site Scripting vulnerability in Adtran Netvanta 3120 Firmware 18.01.01.00.E
Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html.
network
low complexity
adtran CWE-79
4.8
2024-07-24 CVE-2024-31977 OS Command Injection vulnerability in Adtran 834-5 Firmware and SDG Smartos
Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility.
network
low complexity
adtran CWE-78
8.8
2024-07-24 CVE-2024-39345 OS Command Injection vulnerability in Adtran SDG Smartos
AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address.
network
low complexity
adtran CWE-78
7.2
2022-09-14 CVE-2022-37661 Unspecified vulnerability in Adtran Sr506N Firmware and Sr510N Firmware
SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature.
network
low complexity
adtran
critical
9.8
2021-04-20 CVE-2021-25681 Unspecified vulnerability in Adtran Personal Phone Manager 10.8.1
AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS.
network
low complexity
adtran
7.5
2021-04-20 CVE-2021-25680 Cross-site Scripting vulnerability in Adtran Personal Phone Manager 10.8.1
The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues.
network
low complexity
adtran CWE-79
6.1
2021-04-20 CVE-2021-25679 Cross-site Scripting vulnerability in Adtran Personal Phone Manager 10.8.1
The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues.
network
low complexity
adtran CWE-79
5.4
2019-03-27 CVE-2018-19648 Improper Privilege Management vulnerability in Adtran Pmaa 1.6.2/1.6.3
An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4.
network
low complexity
adtran CWE-269
critical
9.0
2013-12-30 CVE-2013-5210 Cross-Site Scripting vulnerability in Adtran Aos, Netvanta 7060 and Netvanta 7100
Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
adtran CWE-79
4.3