1543 matches found
PT-2021-24241 · Open5Gs · Open5Gs
Name of the Vulnerable Software and Affected Versions: Open5GS version 2.4.0 Description: A crafted packet from a UE can cause a crash in the SGW-U/UPF component. This issue can potentially be used to deploy a denial-of-service DoS attack on private 5G networks. Recommendations: For Open5GS versi...
CVE-2021-45462
In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF...
Open5Gs Buffer Overflow Vulnerability (CNVD-2025-18596)
Open5Gs is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a denial of service...
CVE-2021-41794
ogsfqdnparse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used ...
CVE-2021-41794
ogsfqdnparse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used ...
CVE-2021-41794
ogsfqdnparse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used ...
Buffer overflow
ogsfqdnparse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used ...
CVE-2021-41794
Open5GS CVE-2021-41794 affects Open5GS versions 1.0.0–2.3.3. The function ogs_fqdn_parse trusts a client-supplied length and uses it in a memcpy into a 100-byte stack buffer, enabling a buffer overflow when processing a PFCP Session Establishment Request with a crafted PDI Network Instance (e.g.,...
CVE-2021-41794
ogsfqdnparse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used ...
Open5Gs 安全漏洞
Open5Gs is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a denial of service...
CVE-2021-28122
A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...
CVE-2021-28122
A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...
Cross site request forgery (csrf)
A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...
CVE-2021-28122
A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...
CVE-2021-28122
Open5GS WebUI prior to 2.2.1 is affected by a request-validation issue that allows an unauthenticated attacker to perform CRUD operations on the subscriber database due to Express not requiring authentication. Affected versions are 2.1.3 through 2.2.x before 2.2.1. The issue enables actions such ...
Sukchan Lee open5gs 访问控制错误漏洞
Sukchan Lee open5gs is a Sukchan Lee open source software applications. It provides a series of software components and network functions that implement 4G,5G,NSA and 5G,SA core functions. An access control error vulnerability exists in Sukchan Lee open5gs versions 2.1.3 through 2.2.0, which stem...
CVE-2021-25863
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account...
CVE-2021-25863
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account...
Default credentials
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account...
CVE-2021-25863
Open5GS CVE-2021-25863 affects Open5GS 2.1.3, where the admin account uses a default password of 1423 and the service listens on 0.0.0.0:3000. This could allow unauthorized access if the default credentials are not changed. The issue is documented across multiple sources in the connected data, wh...