Vulnerabilities > Adtran
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-24 | CVE-2024-31970 | Unspecified vulnerability in Adtran SDG Smartos AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. | 8.8 |
| 2024-07-24 | CVE-2024-31971 | Cross-site Scripting vulnerability in Adtran Netvanta 3120 Firmware 18.01.01.00.E Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html. | 4.8 |
| 2024-07-24 | CVE-2024-31977 | OS Command Injection vulnerability in Adtran 834-5 Firmware and SDG Smartos Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility. | 8.8 |
| 2024-07-24 | CVE-2024-39345 | OS Command Injection vulnerability in Adtran SDG Smartos AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. | 7.2 |
| 2022-09-14 | CVE-2022-37661 | Unspecified vulnerability in Adtran Sr506N Firmware and Sr510N Firmware SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature. | 9.8 |
| 2021-04-20 | CVE-2021-25681 | Unspecified vulnerability in Adtran Personal Phone Manager 10.8.1 AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. | 7.5 |
| 2021-04-20 | CVE-2021-25680 | Cross-site Scripting vulnerability in Adtran Personal Phone Manager 10.8.1 The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. | 6.1 |
| 2021-04-20 | CVE-2021-25679 | Cross-site Scripting vulnerability in Adtran Personal Phone Manager 10.8.1 The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. | 5.4 |
| 2019-03-27 | CVE-2018-19648 | Improper Privilege Management vulnerability in Adtran Pmaa 1.6.2/1.6.3 An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. | 9.0 |
| 2013-12-30 | CVE-2013-5210 | Cross-Site Scripting vulnerability in Adtran Aos, Netvanta 7060 and Netvanta 7100 Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |