Vulnerabilities > Nokia

DATE CVE VULNERABILITY TITLE RISK
2020-01-31 CVE-2014-3809 Cross-Site Scripting vulnerability in Nokia products
Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html.
network
nokia CWE-79
4.3
2019-11-25 CVE-2019-17406 Path Traversal vulnerability in Nokia Impact
Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743
network
low complexity
nokia CWE-22
5.0
2019-11-25 CVE-2019-17405 Cross-Site Scripting vulnerability in Nokia Impact
Nokia IMPACT < 18A: has Reflected self XSS
network
nokia CWE-79
4.3
2019-11-25 CVE-2019-17404 Path Traversal vulnerability in Nokia Impact
Nokia IMPACT < 18A: allows full path disclosure
network
low complexity
nokia CWE-22
4.0
2019-11-25 CVE-2019-17403 Unrestricted Upload of File With Dangerous Type vulnerability in Nokia Impact
Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution.
network
low complexity
nokia CWE-434
6.5
2019-03-21 CVE-2019-7386 A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices.
network
kaiostech nokia
7.1
2019-03-05 CVE-2019-3922 Out-Of-Bounds Write vulnerability in Nokia I-240W-Q Gpon ONT Firmware 3Fe54567Bozj19
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetup_Form.
network
low complexity
nokia CWE-787
7.5
2019-03-05 CVE-2019-3921 Out-Of-Bounds Write vulnerability in Nokia I-240W-Q Gpon ONT Firmware 3Fe54567Bozj19
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/.
network
low complexity
nokia CWE-787
6.5
2019-03-05 CVE-2019-3920 Command Injection vulnerability in Nokia I-240W-Q Gpon ONT Firmware 3Fe54567Bozj19
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/.
network
low complexity
nokia CWE-77
6.5
2019-03-05 CVE-2019-3919 Command Injection vulnerability in Nokia I-240W-Q Gpon ONT Firmware 3Fe54567Bozj19
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/.
network
low complexity
nokia CWE-77
6.5