Vendor CVEs

Nokia

All CVEs

149 total · sorted by risk
  • CVE-2022-36222 · Dec 21, 2022
    risk 0.00 · cvss · epss 0.00

    Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface.

  • CVE-2022-28866 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Multiple Improper Access Control issues were discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the…

  • CVE-2022-40715 · Sep 19, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.

  • CVE-2022-40714 · Sep 19, 2022
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints.

  • CVE-2022-40713 · Sep 19, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.

  • CVE-2022-40712 · Sep 19, 2022
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints.

  • CVE-2022-38788 · Sep 15, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a pairing handshake and (after offline cracking) retrieve the PIN and LTK (long-term key).

  • CVE-2022-39814 · Sep 13, 2022
    risk 0.00 · cvss · epss 0.00

    In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs in the login page via the next HTTP GET parameter.

  • CVE-2022-39816 · Sep 13, 2022
    risk 0.00 · cvss · epss 0.01

    In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker.

  • CVE-2022-39817 · Sep 13, 2022
    risk 0.00 · cvss · epss 0.01

    In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected)…

  • CVE-2022-39819 · Sep 13, 2022
    risk 0.00 · cvss · epss 0.01

    In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur. This allows authenticated users to execute commands on the operating system.

  • CVE-2022-39821 · Sep 13, 2022
    risk 0.00 · cvss · epss 0.01

    In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.

  • CVE-2021-41487 · Jun 16, 2022
    risk 0.00 · cvss · epss 0.02

    NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'.

  • CVE-2022-30903 · Jun 14, 2022
    risk 0.00 · cvss · epss 0.01

    Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management.

  • CVE-2021-35487 · May 25, 2022
    risk 0.00 · cvss · epss 0.01

    Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain…

  • CVE-2021-45896 · Dec 27, 2021
    risk 0.00 · cvss · epss 0.02

    Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.

  • CVE-2021-30003 · Apr 2, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address.

  • CVE-2021-26596 · Mar 25, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a…

  • CVE-2021-26597 · Mar 25, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction…

  • CVE-2019-20769 · Apr 17, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019).

  • CVE-2020-10264 · Apr 6, 2020
    risk 0.00 · cvss · epss 0.01

    CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally…

  • CVE-2019-17406 · Nov 25, 2019
    risk 0.00 · cvss · epss 0.01

    Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743

  • CVE-2019-17405 · Nov 25, 2019
    risk 0.00 · cvss · epss 0.01

    Nokia IMPACT < 18A: has Reflected self XSS

  • CVE-2019-17404 · Nov 25, 2019
    risk 0.00 · cvss · epss 0.01

    Nokia IMPACT < 18A: allows full path disclosure

  • CVE-2019-17403 · Nov 25, 2019
    risk 0.00 · cvss · epss 0.03

    Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution.

  • CVE-2019-14698 · Aug 6, 2019
    risk 0.00 · cvss · epss 0.04

    An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account.

  • CVE-2015-6929 · Sep 16, 2015
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary web script or HTML via the (1) idFilter or (2) nameFilter parameter to…

  • CVE-2011-1472 · Mar 29, 2011
    risk 0.00 · cvss · epss 0.00

    The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time.

  • CVE-2010-3374 · Oct 4, 2010
    risk 0.00 · cvss · epss 0.00

    Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

  • CVE-2009-4975 · Aug 2, 2010
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536.

  • CVE-2009-2538 · Jul 20, 2009
    risk 0.00 · cvss · epss 0.03

    The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet allow remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.

  • CVE-2008-5827 · Jan 2, 2009
    risk 0.00 · cvss · epss 0.03

    The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag.

  • CVE-2008-5826 · Jan 2, 2009
    risk 0.00 · cvss · epss 0.02

    The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI.

  • CVE-2008-5825 · Jan 2, 2009
    risk 0.00 · cvss · epss 0.02

    The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to…

  • CVE-2008-3552 · Aug 8, 2008
    risk 0.00 · cvss · epss 0.06

    Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of…

  • CVE-2008-3553 · Aug 8, 2008
    risk 0.00 · cvss · epss 0.06

    Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is…

  • CVE-2007-6371 · Dec 15, 2007
    risk 0.00 · cvss · epss 0.01

    Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session.

  • CVE-2007-2591 · May 11, 2007
    risk 0.00 · cvss · epss 0.02

    usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account…

  • CVE-2007-2592 · May 11, 2007
    risk 0.00 · cvss · epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML…

  • CVE-2007-2590 · May 11, 2007
    risk 0.00 · cvss · epss 0.02

    Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1)…

  • CVE-2007-0523 · Jan 26, 2007
    risk 0.00 · cvss · epss 0.01

    The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.

  • CVE-2005-2716 · Aug 29, 2005
    risk 0.00 · cvss · epss 0.03

    The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name.

  • CVE-2004-0143 · Mar 3, 2004
    risk 0.00 · cvss · epss 0.03

    Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows.

  • CVE-2003-0368 · Feb 3, 2004
    risk 0.00 · cvss · epss 0.02

    Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option.

  • CVE-2003-1189 · Oct 29, 2003
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors.

  • CVE-2003-0137 · Mar 18, 2003
    risk 0.00 · cvss · epss 0.01

    SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings.

  • CVE-2003-0103 · Mar 7, 2003
    risk 0.00 · cvss · epss 0.02

    Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers.

  • CVE-2001-1431 · Oct 8, 2001
    risk 0.00 · cvss · epss 0.01

    Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly…

  • CVE-2001-0299 · Jun 2, 2001
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL.

Page 3 of 3