Vulnerabilities
Vulnerable Software
Nokia:  Security Vulnerabilities
Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . (dot) character.
CVSS Score
9.8
EPSS Score
0.216
Published
2022-02-11
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.
CVSS Score
8.8
EPSS Score
0.016
Published
2021-12-27
An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicWidth() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution.
CVSS Score
7.8
EPSS Score
0.01
Published
2021-09-20
An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicHeight() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution.
CVSS Score
7.8
EPSS Score
0.01
Published
2021-09-20
An issue was discovered in heif through through v3.6.2. A NULL pointer dereference exists in the function convertByteStreamToRBSP() located in nalutil.cpp. It allows an attacker to cause Denial of Service.
CVSS Score
5.5
EPSS Score
0.006
Published
2021-09-20
An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address.
CVSS Score
4.8
EPSS Score
0.006
Published
2021-04-02
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.
CVSS Score
5.4
EPSS Score
0.007
Published
2021-03-25
An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value.
CVSS Score
6.5
EPSS Score
0.014
Published
2021-03-25
Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html.
CVSS Score
6.1
EPSS Score
0.009
Published
2020-01-31
Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743
CVSS Score
5.3
EPSS Score
0.011
Published
2019-11-25


Contact Us

Shodan ® - All rights reserved