15 matches found
CVE-2019-3917
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request...
CVE-2019-3921
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usbForm?script/. An attacker can leverage this vulnerability to potentially execute arbitrary cod...
CVE-2019-3920
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/deviceForm?script/...
CVE-2019-3922
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetupForm. An attacker can leverage this vulnerability to potentially execute arbitrary code...
Command injection
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usbrestoreForm?script/...
Stack overflow
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetupForm. An attacker can leverage this vulnerability to potentially execute arbitrary code...
CVE-2019-3919
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usbrestoreForm?script/...
CVE-2019-3918
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces...
CVE-2019-3921
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usbForm?script/. An attacker can leverage this vulnerability to potentially execute arbitrary cod...
CVE-2019-3917
The CVE-2019-3917 entry concerns the Alcatel Lucent I-240W-Q GPON ONT running firmware 3FE54567BOZJ19. A remote, unauthenticated attacker can enable telnetd on the router via a crafted HTTP request. Connected sources corroborate a remote, unauthenticated telnet enable/disable vulnerability, with ...
CVE-2019-3918
The CVE-2019-3918 entry concerns the Alcatel Lucent I-240W-Q GPON ONT with firmware 3FE54567BOZJ19, which contains multiple hard coded credentials for Telnet and SSH interfaces. The vulnerability is supported by multiple sources: NVD details show a network-facing issue with high impact (C/H/I/A) ...
CVE-2019-3920
CVE-2019-3920 affects Alcatel Lucent I-240W-Q GPON ONT with firmware 3FE54567BOZJ19. The vulnerability is an authenticated command-injection flaw exploitable by a remote, authenticated attacker sending a crafted HTTP request to /GponForm/device_Form?script/. The core impact is authenticated remot...
CVE-2019-3922
The CVE-2019-3922 entry involves the Alcatel Lucent I-240W-Q GPON ONT with firmware 3FE54567BOZJ19, vulnerable to a stack buffer overflow triggered by a crafted HTTP POST to /GponForm/fsetup_Form. The vulnerability is exploitable remotely and unauthenticated, potentially allowing arbitrary code e...
CVE-2019-3919
The CVE-2019-3919 entry concerns the Alcatel Lucent I-240W-Q GPON ONT with firmware 3FE54567BOZJ19, vulnerable to command injection via a crafted HTTP request to /GponForm/usb_restore_Form?script/. The issue is exploitable by a remote, authenticated attacker and affects the targeted firmware as d...
PT-2019-16774 · Alcatel Lucent · Alcatel Lucent I-240W-Q Gpon Ont
Name of the Vulnerable Software and Affected Versions: Alcatel Lucent I-240W-Q GPON ONT version 3FE54567BOZJ19 Description: The issue allows command injection via crafted HTTP requests sent by a remote, authenticated attacker to the "/GponForm/usb restore Form?script/" endpoint. This enables the...