Vulnerabilities (CVE)

Filtered by vendor Nokia Subscribe
Filtered by product I-240w-q Gpon Ont Firmware
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-3922 1 Nokia 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetup_Form. An attacker can leverage this vulnerability to potentially execute arbitrary code.
CVE-2019-3921 1 Nokia 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware 2024-11-21 6.5 MEDIUM 8.8 HIGH
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially execute arbitrary code.
CVE-2019-3920 1 Nokia 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware 2024-11-21 6.5 MEDIUM 8.8 HIGH
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/.
CVE-2019-3919 1 Nokia 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware 2024-11-21 6.5 MEDIUM 8.8 HIGH
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/.
CVE-2019-3918 1 Nokia 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces.
CVE-2019-3917 1 Nokia 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request.