VYPR
Vendor: Ericsson

Products: 22
CVEs: 48
Across products: 51
Status: Private

Recent CVEs

  • CVE-2026-25660 | Critical | Apr 24, 2026
    risk 0.57 | cvss 9.8 | epss 0.00

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls.  This bypass allows assigning arbitrary permission to any user…

  • CVE-2024-25010 | High | May 22, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Ericsson RAN Compute and Site Controller 6610 contains in certain configurations a high severity vulnerability where improper input validation could be exploited leading to arbitrary code execution.

  • CVE-2025-0636 | High | Oct 13, 2025
    risk 0.55 | cvss 8.4 | epss 0.00

    EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution.

  • CVE-2025-40838 | High | Sep 25, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information.

  • CVE-2024-53827 | High | May 16, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    Ericsson Packet Core Controller (PCC) contains a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation

  • CVE-2024-25008 | Medium | Aug 16, 2024
    risk 0.44 | cvss 6.8 | epss 0.00

    Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated…

  • CVE-2025-59174 | Medium | Jun 5, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.

  • CVE-2026-25659 | Medium | Jun 5, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists…

  • CVE-2026-25658 | Medium | Jun 5, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists…

  • CVE-2026-25657 | Medium | Jun 5, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the…

  • CVE-2024-25009 | Medium | Aug 20, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation.

  • CVE-2024-53828 | Medium | Apr 1, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.

  • CVE-2024-25011 | Medium | Sep 18, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue.

  • CVE-2015-2166 | Apr 6, 2015
    risk 0.05 | cvss | epss 0.26

    Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.

  • CVE-2021-43339 | Nov 3, 2021
    risk 0.04 | cvss | epss 0.10

    In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created.

  • CVE-2003-1442 | Dec 31, 2003
    risk 0.03 | cvss | epss 0.03

    The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side.

  • CVE-2025-40842 | Mar 25, 2026
    risk 0.00 | cvss | epss 0.00

    Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information.

  • CVE-2025-40841 | Mar 25, 2026
    risk 0.00 | cvss | epss 0.00

    Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead to unauthorized modification of certain information.

  • CVE-2025-27260 | Mar 25, 2026
    risk 0.00 | cvss | epss 0.00

    Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information

  • CVE-2025-40843 | Oct 28, 2025
    risk 0.00 | cvss | epss 0.00

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker…