126 matches found
CVE-2026-34762
Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's polic...
CVE-2026-34762
Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's polic...
CVE-2026-34762
Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's polic...
Ella Core 输入验证错误漏洞
Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Prior to version 1.8.0 of Ella Core, there was a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation in the PUT...
CVE-2022-33687
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log...
CVE-2022-33697
Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log...
CVE-2022-33688
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log...
CVE-2025-65805
OpenAirInterface CN5G AMF=v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an imsi string longer than 1000 to AMF...
CVE-2025-65805
OpenAirInterface CN5G AMF=v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an imsi string longer than 1000 to AMF...
CVE-2025-65805
OpenAirInterface CN5G AMF=v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an imsi string longer than 1000 to AMF...
PT-2026-1850
Name of the Vulnerable Software and Affected Versions OpenAirInterface CN5G AMF versions prior to v2.1.9 Description A buffer overflow condition exists in the processing of NAS messages. Remote attackers can potentially cause a denial-of-service and possibly execute code by sending an imsi string...
CVE-2025-65805
OpenAirInterface CN5G AMF=v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an imsi string longer than 1000 to AMF...
CVE-2025-63292
Freebox v5 HD firmware = 1.7.20, Freebox v5 Crystal firmware = 1.7.20, Freebox v6 Révolution r1–r3 firmware = 4.7.x, Freebox Mini 4K firmware = 4.7.x, and Freebox One firmware = 4.7.x were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM...
CVE-2025-63292
Freebox v5 HD firmware = 1.7.20, Freebox v5 Crystal firmware = 1.7.20, Freebox v6 Révolution r1–r3 firmware = 4.7.x, Freebox Mini 4K firmware = 4.7.x, and Freebox One firmware = 4.7.x were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM...
Freebox多款产品 安全漏洞
Freebox v5 and others are a TV box from the French company Free. A security vulnerability exists in various Freebox products, which stems from the explicit transmission of IMSI identifiers and could lead to device tracking and user monitoring. The following products and versions are affected: the...
CVE-2025-63292
CVE-2025-63292 affects Freebox v5 HD (firmware 1.7.20), Freebox v5 Crystal (1.7.20), Freebox v6 Révolution r1–r3 (4.7.x), Freebox Mini 4K (4.7.x), and Freebox One (4.7.x). The root issue is that during the initial phase of EAP-SIM over the FreeWifi_secure network, the subscriber’s full NAI (embed...
EUVD-2021-12254
Malware in sbrugna...
EUVD-2021-12347
Malware in sbrugna...
EUVD-2019-14912
Malware in sbrugna...
EUVD-2019-7148
Malware in sbrugna...