Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2019-19148

Published: 20/03/2020 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command Execution via the -l option to TELNET or SSH. Tellabs has addressed this issue in the SR30.1 and SR31.1 release on February 18, 2020.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

tellabs optical_line_terminal_1150_firmware ont709.2.50.12

Github Repositories

https://github.com/ellwoodthewood/tellabs_rce

Tellabs OLT RCE

tellabs_rce CVE-2019-19148 [updated information from the vendor at the bottom] Tellabs OLT RCE During a recent penetration test, a vulnerability in the way Tellabs handles incoming authentication/authorization was discovered which allowed us to bypass the authentication methods on the Tellabs OLT 1150 device It is highly suspected that this vulnerability exists in other device

References

CWE-78https://github.com/ellwoodthewood/tellabs_rcehttps://docs.tellabs.com/articles/#%21vulnerability-response/cve-2019-19148https://nvd.nist.govhttps://github.com/ellwoodthewood/tellabs_rce
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scriptingCVE-2024-5158XML external entityCVE-2024-4262CVE-2024-2036CVE-2024-4985CVE-2024-21791remote attackersCVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook