CVE-2019-3920

CVE-2019-3920 affects Alcatel Lucent I-240W-Q GPON ONT with firmware 3FE54567BOZJ19. The vulnerability is an authenticated command-injection flaw exploitable by a remote, authenticated attacker sending a crafted HTTP request to /GponForm/device_Form?script/. The core impact is authenticated remot...

CVE-2019-3919

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usbrestoreForm?script/...

CVE-2019-3919

The CVE-2019-3919 entry concerns the Alcatel Lucent I-240W-Q GPON ONT with firmware 3FE54567BOZJ19, vulnerable to command injection via a crafted HTTP request to /GponForm/usb_restore_Form?script/. The issue is exploitable by a remote, authenticated attacker and affects the targeted firmware as d...

CVE-2019-3920

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/deviceForm?script/...

CVE-2019-3917

The CVE-2019-3917 entry concerns the Alcatel Lucent I-240W-Q GPON ONT running firmware 3FE54567BOZJ19. A remote, unauthenticated attacker can enable telnetd on the router via a crafted HTTP request. Connected sources corroborate a remote, unauthenticated telnet enable/disable vulnerability, with ...

CVE-2019-3921

The CVE-2019-3921 vulnerability affects the Alcatel-Lucent I-240W-Q GPON ONT running firmware 3FE54567BOZJ19. A stack buffer overflow can be triggered by a crafted HTTP POST to /GponForm/usb_Form?script/, allowing a remote, authenticated attacker to potentially execute arbitrary code. The availab...

CVE-2019-3918

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces...

CVE-2019-3918

The CVE-2019-3918 entry concerns the Alcatel Lucent I-240W-Q GPON ONT with firmware 3FE54567BOZJ19, which contains multiple hard coded credentials for Telnet and SSH interfaces. The vulnerability is supported by multiple sources: NVD details show a network-facing issue with high impact (C/H/I/A) ...

PT-2019-16773 · Alcatel Lucent · Alcatel Lucent I-240W-Q Gpon Ont

Name of the Vulnerable Software and Affected Versions: Alcatel Lucent I-240W-Q GPON ONT version 3FE54567BOZJ19 Description: The issue concerns the presence of multiple hard-coded credentials for the Telnet and SSH interfaces in the affected device. This could potentially allow unauthorized access...

PT-2019-16774 · Alcatel Lucent · Alcatel Lucent I-240W-Q Gpon Ont

Name of the Vulnerable Software and Affected Versions: Alcatel Lucent I-240W-Q GPON ONT version 3FE54567BOZJ19 Description: The issue allows command injection via crafted HTTP requests sent by a remote, authenticated attacker to the "/GponForm/usb restore Form?script/" endpoint. This enables the...

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

Alcatel-Lucent Nokia GPON I-240W-Q - Buffer Overflow !/usr/bin/python3 import argparse import requests import urllib.parse import binascii import re def runtarget: """ Execute exploitation """ We're using CVE-2018-10561 and/or it's extension in order to exploit this Authenticated RCE in usbForm...

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

!/usr/bin/python3 import argparse import requests import urllib.parse import binascii import re def runtarget: """ Execute exploitation """ We're using CVE-2018-10561 and/or it's extension in order to exploit this Authenticated RCE in usbForm method of GPON ONT. We can also exploit this issue aft...

CVE-2015-6498

Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices...

Code injection

Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices...

CVE-2015-6498

Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices...

CVE-2015-6498

Affected product: Alcatel-Lucent Home Device Manager before 4.1.10 and 4.2.x before 4.2.2. Vulnerability: remote attackers can spoof and make calls as target devices. Root cause details are not provided beyond the spoofing capability. Impact: enables spoofing of calls to target devices. Remediati...

CVE-2015-8687

Multiple cross-site scripting XSS vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager HDM before 4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 deviceTypeID parameter to DeviceType/getDeviceType.do; the 2 policyActionClass or 3...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager HDM before 4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 deviceTypeID parameter to DeviceType/getDeviceType.do; the 2 policyActionClass or 3...

CVE-2015-8687

The CVE-2015-8687 lies in the Alcatel-Lucent Motive Home Device Manager (HDM) Management Console, with multiple reflected XSS vulnerabilities in HDM

CVE-2015-8687

Multiple cross-site scripting XSS vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager HDM before 4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 deviceTypeID parameter to DeviceType/getDeviceType.do; the 2 policyActionClass or 3...