Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nokia vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-41353
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system ope...
Nokia G-040w-q Firmware G040wqr201207
8.8
CVSSv3
CVE-2022-41763
An issue exists in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service.
Nokia Access Management System 9.7.05
8.8
CVSSv3
CVE-2022-28863
An issue exists in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value.
Nokia Netact 22.0.0.62
8.8
CVSSv3
CVE-2022-30280
/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application (even if it implements a CSRF token for the random GET request) does not ever verify a CSRF...
Nokia Netact 22.0.0.62
8.8
CVSSv3
CVE-2022-28864
An issue exists in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, ...
Nokia Netact 22.0.0.62
8.8
CVSSv3
CVE-2022-30759
In Nokia One-NDS (aka Network Directory Server) up to and including 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands.
Nokia One-nds
8.8
CVSSv3
CVE-2023-26060
An issue exists in Nokia NetAct prior to 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very ...
Nokia Netact
8.8
CVSSv3
CVE-2022-2482
A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an malicious user to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execu...
Nokia Asik Airscale 474021a.102 Firmware -
Nokia Asik Airscale 474021a.101 Firmware -
8.8
CVSSv3
CVE-2022-28866
Multiple Improper Access Control exists in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the permissions ...
Nokia Airframe Bmc Web Gui R18 Firmware
8.8
CVSSv3
CVE-2022-39819
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This allows authenticated users to execute commands on the operating system.
Nokia 1350 Optical Management System 14.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »