Lucene search
K

1543 matches found

Positive Technologies
Positive Technologies
added 2021/12/23 12:0 a.m.3 views

PT-2021-24241 · Open5Gs · Open5Gs

Name of the Vulnerable Software and Affected Versions: Open5GS version 2.4.0 Description: A crafted packet from a UE can cause a crash in the SGW-U/UPF component. This issue can potentially be used to deploy a denial-of-service DoS attack on private 5G networks. Recommendations: For Open5GS versi...

7.5CVSS7.3AI score0.04405EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/12/23 12:0 a.m.24 views

CVE-2021-45462

In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF...

7.5CVSS7.7AI score0.04405EPSS
Exploits0References2
CNVD
CNVD
added 2021/10/10 12:0 a.m.2 views

Open5Gs Buffer Overflow Vulnerability (CNVD-2025-18596)

Open5Gs is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a denial of service...

7.5CVSS7.2AI score0.01183EPSS
Exploits1References1
OSV
OSV
added 2021/10/07 3:15 p.m.34 views

CVE-2021-41794

ogsfqdnparse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used ...

7.5CVSS7AI score0.01183EPSS
Exploits1References1
NVD
NVD
added 2021/10/07 3:15 p.m.40 views

CVE-2021-41794

ogsfqdnparse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used ...

7.5CVSS0.01183EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2021/10/07 3:15 p.m.2 views

CVE-2021-41794

ogsfqdnparse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used ...

7.5CVSS7.5AI score0.01183EPSS
Exploits1References2
Prion
Prion
added 2021/10/07 3:15 p.m.19 views

Buffer overflow

ogsfqdnparse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used ...

5CVSS7.6AI score0.01183EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/10/07 2:57 p.m.55 views

CVE-2021-41794

Open5GS CVE-2021-41794 affects Open5GS versions 1.0.0–2.3.3. The function ogs_fqdn_parse trusts a client-supplied length and uses it in a memcpy into a 100-byte stack buffer, enabling a buffer overflow when processing a PFCP Session Establishment Request with a crafted PDI Network Instance (e.g.,...

7.5CVSS7.5AI score0.01183EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/10/07 2:57 p.m.41 views

CVE-2021-41794

ogsfqdnparse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used ...

7.8AI score0.01183EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/10/07 12:0 a.m.2 views

Open5Gs 安全漏洞

Open5Gs is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a denial of service...

7.5CVSS7.7AI score0.01183EPSS
Exploits1References2
NVD
NVD
added 2021/03/10 3:15 p.m.26 views

CVE-2021-28122

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...

9.8CVSS0.03962EPSS
Exploits1References4
OSV
OSV
added 2021/03/10 3:15 p.m.19 views

CVE-2021-28122

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...

9.8CVSS6.8AI score
Exploits0References4
Prion
Prion
added 2021/03/10 3:15 p.m.29 views

Cross site request forgery (csrf)

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...

7.5CVSS9.2AI score0.03962EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2021/03/10 2:34 p.m.32 views

CVE-2021-28122

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...

9.5AI score0.03962EPSS
Exploits1References4
CVE
CVE
added 2021/03/10 2:34 p.m.55 views

CVE-2021-28122

Open5GS WebUI prior to 2.2.1 is affected by a request-validation issue that allows an unauthenticated attacker to perform CRUD operations on the subscriber database due to Express not requiring authentication. Affected versions are 2.1.3 through 2.2.x before 2.2.1. The issue enables actions such ...

9.8CVSS9.3AI score0.03962EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2021/03/10 12:0 a.m.3 views

Sukchan Lee open5gs 访问控制错误漏洞

Sukchan Lee open5gs is a Sukchan Lee open source software applications. It provides a series of software components and network functions that implement 4G,5G,NSA and 5G,SA core functions. An access control error vulnerability exists in Sukchan Lee open5gs versions 2.1.3 through 2.2.0, which stem...

9.8CVSS8.3AI score0.03962EPSS
Exploits1References5
NVD
NVD
added 2021/01/26 6:16 p.m.17 views

CVE-2021-25863

Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account...

8.8CVSS8.9AI score0.01249EPSS
Exploits1References1
OSV
OSV
added 2021/01/26 6:16 p.m.10 views

CVE-2021-25863

Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account...

8.8CVSS7.1AI score
Exploits0References1
Prion
Prion
added 2021/01/26 6:16 p.m.12 views

Default credentials

Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account...

8.3CVSS8.8AI score0.01249EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/01/26 7:5 a.m.59 views

CVE-2021-25863

Open5GS CVE-2021-25863 affects Open5GS 2.1.3, where the admin account uses a default password of 1423 and the service listens on 0.0.0.0:3000. This could allow unauthorized access if the default credentials are not changed. The issue is documented across multiple sources in the connected data, wh...

8.8CVSS8.8AI score0.01249EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder