VYPR
Vendor

Nokia

Nokia Corporation is a Finnish multinational telecommunications, information technology, and consumer electronics corporation, originally established as a pulp mill in 1865. Nokia's main headquarters are in Espoo, Finland, in the Helsinki metropolitan area, but the company's actual roots are in the Tampere region of Pirkanmaa. In 2020, Nokia employed approximately 92,000 people across over 100 countries, did business in more than 130 countries, and reported annual revenues of around €23 billion. Nokia is a public limited company listed on the Nasdaq Helsinki and New York Stock Exchange.

Founded 1865
Products
78
CVEs
149
Across products
132
Status
Private

Products

78
View all 78 products →

Recent CVEs

149
View all 149 CVEs →
  • CVE-2025-34037CriJun 24, 2025
    risk 0.75cvss epss 0.85

    An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization,…

  • CVE-2025-9962CriSep 23, 2025
    risk 0.65cvss epss 0.01

    A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).

  • CVE-2025-9963CriSep 23, 2025
    risk 0.61cvss epss 0.00

    A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and modify all files with root permissions. This way the system can also be compromized.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build …

  • CVE-2025-9965CriSep 23, 2025
    risk 0.60cvss epss 0.01

    Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to upload and download any application from/to the device.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).

  • CVE-2023-49564HigSep 18, 2025
    risk 0.57cvss 8.8epss 0.00

    The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without…

  • CVE-2025-9964HigSep 23, 2025
    risk 0.56cvss epss 0.00

    No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).

  • CVE-2023-49565HigSep 18, 2025
    risk 0.55cvss 8.4epss 0.01

    The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen…

  • CVE-2025-24818HigApr 7, 2026
    risk 0.52cvss 8.0epss 0.01

    Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application.

  • CVE-2025-24817HigApr 7, 2026
    risk 0.52cvss 8.0epss 0.01

    Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application.

  • CVE-2025-9974HigFeb 2, 2026
    risk 0.52cvss 8.0epss 0.00

    The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able…

  • CVE-2025-9966HigSep 23, 2025
    risk 0.47cvss epss 0.00

    Improper privilege management vulnerability in Novakon P series allows attackers to gain root privileges if one service is compromized.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).

  • CVE-2023-6729HigOct 17, 2024
    risk 0.47cvss 7.3epss 0.00

    Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files…

  • CVE-2023-38293HigApr 22, 2024
    risk 0.47cvss 7.3epss 0.01

    Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus (versionCode='31', versionName='12') that allows local third-party apps to execute arbitrary AT commands in its context…

  • CVE-2025-24332HigJul 2, 2025
    risk 0.46cvss 7.1epss 0.00

    Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. The baseband does not re-authenticate the user when they connect from the baseband system board to the…

  • CVE-2022-45899MedMay 8, 2026
    risk 0.42cvss 6.5epss 0.01

    Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field.

  • CVE-2025-0980MedJan 7, 2026
    risk 0.42cvss 6.4epss 0.00

    Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials.

  • CVE-2025-62759MedDec 31, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Series series allows Stored XSS.This issue affects Series: from n/a through <= 2.0.1.

  • CVE-2025-24333MedJul 2, 2025
    risk 0.42cvss 6.4epss 0.00

    Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via…

  • CVE-2025-24331MedJul 2, 2025
    risk 0.42cvss 6.4epss 0.00

    The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive…

  • CVE-2025-24330MedJul 2, 2025
    risk 0.42cvss 6.4epss 0.00

    Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0…