Vulnerabilities > Nokia > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-21 CVE-2022-36222 Use of Hard-coded Credentials vulnerability in Nokia Fastmile Firmware 3Tg00118Abad52
Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface.
local
low complexity
nokia CWE-798
8.4
8.4
2022-10-12 CVE-2022-28866 Missing Authorization vulnerability in Nokia Airframe BMC web GUI R18 Firmware
Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00.
network
low complexity
nokia CWE-862
8.8
8.8
2022-09-13 CVE-2022-39817 SQL Injection vulnerability in Nokia 1350 Optical Management System 14.2
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs.
network
low complexity
nokia CWE-89
8.8
8.8
2022-09-13 CVE-2022-39819 OS Command Injection vulnerability in Nokia 1350 Optical Management System 14.2
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs.
network
low complexity
nokia CWE-78
8.8
8.8
2022-09-13 CVE-2022-39821 Information Exposure Through Log Files vulnerability in Nokia 1350 Optical Management System 14.2
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs.
network
low complexity
nokia CWE-532
7.5
7.5
2022-06-16 CVE-2021-41487 SQL Injection vulnerability in Nokia Vitalsuite 2020
NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'.
network
low complexity
nokia CWE-89
7.5
7.5
2022-02-11 CVE-2021-31932 Unspecified vulnerability in Nokia BTS TRS web Console Ftmw20Fp22019.08.160010
Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass.
network
low complexity
nokia
7.5
7.5
2021-12-27 CVE-2021-45896 Unspecified vulnerability in Nokia Fastmile Firmware 3Tg00118Abad52
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.
network
low complexity
nokia
8.8
8.8
2019-03-21 CVE-2019-7386 A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices.
network
kaiostech nokia
7.1
7.1
2019-03-05 CVE-2019-3922 Out-of-bounds Write vulnerability in Nokia I-240W-Q Gpon ONT Firmware 3Fe54567Bozj19
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetup_Form.
network
low complexity
nokia CWE-787
7.5
7.5