Lucene search
+L

82 matches found

Cvelist
Cvelist
added 2023/06/16 12:0 a.m.43 views

CVE-2023-25188

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP as a BTS administrator removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell which is by default disabled allows unauthenticated access from...

5.1CVSS7.9AI score0.00105EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/06/16 12:0 a.m.46 views

CVE-2023-25186

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP as a BTS administrator removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell which is by default disabled...

5.1CVSS5.6AI score0.00189EPSS
Exploits0References2
CVE
CVE
added 2023/06/16 12:0 a.m.64 views

CVE-2023-25186

CVE-2023-25186 affects Nokia Airscale ASIKA Single RAN devices prior to 21B. A directory traversal in the AaShell diagnostic tool can expose the BTS baseband unit internal filesystem if security hardenings are removed by a CSP BTS administrator, with AaShell by default disabled. Impact described ...

5.1CVSS4.2AI score0.00189EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/06/16 12:0 a.m.55 views

CVE-2023-25188

CVE-2023-25188 affects Nokia Airscale ASIKA Single RAN devices before 21B. If security hardenings are removed by a CSP, the AaShell diagnostic tool, which is disabled by default, can allow unauthenticated access from the BTS management network to the embedded Linux OS. This is a local impact risk...

7.8CVSS7.6AI score0.00105EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/06/16 12:0 a.m.25 views

CVE-2023-25185

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating syst...

3.8CVSS7.8AI score0.00143EPSS
Exploits0References2
NVD
NVD
added 2023/06/14 8:15 p.m.28 views

CVE-2023-26062

A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of mobile network solution architecture. This means that exploit is not possibl...

7.8CVSS7.2AI score0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/06/14 12:0 a.m.32 views

CVE-2023-26062

A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of mobile network solution architecture. This means that exploit is not possibl...

7CVSS7.9AI score0.00167EPSS
Exploits0References2
Prion
Prion
added 2023/06/02 4:15 a.m.20 views

Design/Logic Flaw

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting...

1.9CVSS5.2AI score0.00366EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2023/06/02 4:15 a.m.23 views

Design/Logic Flaw

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with...

4.4CVSS7.4AI score0.00374EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/06/02 12:0 a.m.42 views

CVE-2023-29724

CVE-2023-29724 affects the BT21 x BTS Wallpaper app (Android) v12. The vulnerability allows unauthorized apps to request permission to modify the database that stores a user’s personal preference data, which is loaded into memory when the app opens. An attacker could tamper with this data to achi...

7.8CVSS7.4AI score0.00374EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/06/02 12:0 a.m.51 views

CVE-2023-29725

The CVE-2023-29725 entry concerns the BT21 x BTS Wallpaper app (Android) version 12, where unauthorized applications can inject data into the app’s database of user preferences. This injected data is loaded into memory when the app opens, allowing attackers to force the UI to display malicious im...

5.5CVSS5.2AI score0.00366EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/06/02 12:0 a.m.37 views

CVE-2023-29725

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting...

5.5AI score0.00366EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/06/02 12:0 a.m.27 views

CVE-2023-29724

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with...

7.7AI score0.00374EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/06/02 12:0 a.m.9 views

PT-2023-22377 · Unknown · Bt21 X Bts Wallpaper

Name of the Vulnerable Software and Affected Versions: BT21 x BTS Wallpaper app version 12 for Android Description: The issue allows unauthorized applications to request permission to insert data into the database that records user personal preferences. This data is loaded into memory when the...

5.5CVSS7.2AI score0.00366EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/06/02 12:0 a.m.5 views

PT-2023-22376 · Unknown · Bt21 X Bts Wallpaper

Name of the Vulnerable Software and Affected Versions: BT21 x BTS Wallpaper app version 12 Description: The issue allows unauthorized apps to request permission to modify data in the database that records user personal preferences. This data is loaded into memory when the app is opened, and an...

7.8CVSS7.2AI score0.00374EPSS
Exploits1References5
Check Point Advisories
Check Point Advisories
added 2022/08/30 12:0 a.m.29 views

Nokia BTS TRS Web Console Authentication Bypass (CVE-2021-31932)

An authentication bypass vulnerability exists in Nokia BTS TRS Web Console. Successful exploitation of this vulnerability would allow remote attacker to obtain sensitive information and gain unauthorized access into the affected system...

7.5CVSS5.8AI score0.21639EPSS
Exploits3
NVD
NVD
added 2022/02/11 6:15 p.m.45 views

CVE-2021-31932

Nokia BTS TRS web console FTMW20FP22019.08.160010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . dot character...

9.8CVSS0.21639EPSS
Exploits3References1
Prion
Prion
added 2022/02/11 6:15 p.m.22 views

Authentication flaw

Nokia BTS TRS web console FTMW20FP22019.08.160010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . dot character...

7.5CVSS9.6AI score0.21639EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2022/02/11 5:37 p.m.43 views

CVE-2021-31932

Nokia BTS TRS web console FTMW20FP22019.08.160010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . dot character...

9.9AI score0.21639EPSS
Exploits3References1
CVE
CVE
added 2022/02/11 5:37 p.m.92 views

CVE-2021-31932

The CVE affects Nokia BTS TRS Web Console (FTM_W20_FP2_2019.08.16_0010). A vulnerability in how the web server (lighttpd) handles special character encoding allows an unauthenticated attacker to bypass authentication via URL-encoded dot characters, granting access to all web panel functionalities...

9.8CVSS9.6AI score0.21639EPSS
Exploits3References1Affected Software1
Rows per page
Query Builder