Vulnerabilities
Vulnerable Software
Nokia:  Security Vulnerabilities
An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and (after offline cracking) retrieve the PIN and LTK (long-term key).
CVSS Score
4.3
EPSS Score
0.005
Published
2022-09-15
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This allows authenticated users to execute commands on the operating system.
CVSS Score
8.8
EPSS Score
0.014
Published
2022-09-13
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.
CVSS Score
7.5
EPSS Score
0.006
Published
2022-09-13
In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-09-13
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This vulnerability allow unauthenticated users to execute commands on the operating system.
CVSS Score
9.8
EPSS Score
0.021
Published
2022-09-13
In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker.
CVSS Score
6.5
EPSS Score
0.005
Published
2022-09-13
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database.
CVSS Score
8.8
EPSS Score
0.007
Published
2022-09-13
NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'.
CVSS Score
9.8
EPSS Score
0.017
Published
2022-06-16
Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management.
CVSS Score
4.8
EPSS Score
0.005
Published
2022-06-14
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data.
CVSS Score
6.5
EPSS Score
0.01
Published
2022-05-25


Contact Us

Shodan ® - All rights reserved