82 matches found
CVE-2023-25188
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP as a BTS administrator removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell which is by default disabled allows unauthenticated access from...
CVE-2023-25186
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP as a BTS administrator removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell which is by default disabled...
CVE-2023-25186
CVE-2023-25186 affects Nokia Airscale ASIKA Single RAN devices prior to 21B. A directory traversal in the AaShell diagnostic tool can expose the BTS baseband unit internal filesystem if security hardenings are removed by a CSP BTS administrator, with AaShell by default disabled. Impact described ...
CVE-2023-25188
CVE-2023-25188 affects Nokia Airscale ASIKA Single RAN devices before 21B. If security hardenings are removed by a CSP, the AaShell diagnostic tool, which is disabled by default, can allow unauthenticated access from the BTS management network to the embedded Linux OS. This is a local impact risk...
CVE-2023-25185
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating syst...
CVE-2023-26062
A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of mobile network solution architecture. This means that exploit is not possibl...
CVE-2023-26062
A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of mobile network solution architecture. This means that exploit is not possibl...
Design/Logic Flaw
The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting...
Design/Logic Flaw
The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with...
CVE-2023-29724
CVE-2023-29724 affects the BT21 x BTS Wallpaper app (Android) v12. The vulnerability allows unauthorized apps to request permission to modify the database that stores a user’s personal preference data, which is loaded into memory when the app opens. An attacker could tamper with this data to achi...
CVE-2023-29725
The CVE-2023-29725 entry concerns the BT21 x BTS Wallpaper app (Android) version 12, where unauthorized applications can inject data into the app’s database of user preferences. This injected data is loaded into memory when the app opens, allowing attackers to force the UI to display malicious im...
CVE-2023-29725
The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting...
CVE-2023-29724
The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with...
PT-2023-22377 · Unknown · Bt21 X Bts Wallpaper
Name of the Vulnerable Software and Affected Versions: BT21 x BTS Wallpaper app version 12 for Android Description: The issue allows unauthorized applications to request permission to insert data into the database that records user personal preferences. This data is loaded into memory when the...
PT-2023-22376 · Unknown · Bt21 X Bts Wallpaper
Name of the Vulnerable Software and Affected Versions: BT21 x BTS Wallpaper app version 12 Description: The issue allows unauthorized apps to request permission to modify data in the database that records user personal preferences. This data is loaded into memory when the app is opened, and an...
Nokia BTS TRS Web Console Authentication Bypass (CVE-2021-31932)
An authentication bypass vulnerability exists in Nokia BTS TRS Web Console. Successful exploitation of this vulnerability would allow remote attacker to obtain sensitive information and gain unauthorized access into the affected system...
CVE-2021-31932
Nokia BTS TRS web console FTMW20FP22019.08.160010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . dot character...
Authentication flaw
Nokia BTS TRS web console FTMW20FP22019.08.160010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . dot character...
CVE-2021-31932
Nokia BTS TRS web console FTMW20FP22019.08.160010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . dot character...
CVE-2021-31932
The CVE affects Nokia BTS TRS Web Console (FTM_W20_FP2_2019.08.16_0010). A vulnerability in how the web server (lighttpd) handles special character encoding allows an unauthenticated attacker to bypass authentication via URL-encoded dot characters, granting access to all web panel functionalities...