CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation...

9.8CVSS7.2AI score0.00822EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 6:19 p.m.•10 views

CVE-2021-21734

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1...

6.5CVSS6.4AI score0.00512EPSS

Exploits0References1

Packet Storm News•added 2025/04/30 12:0 a.m.•2 views

Security-By-Design at the Telco Edge with OSS: Challenges and Lessons Learned

This paper presents our experience, in the context of an industrial R&D project, on securing GENIO, a platform for edge computing on Passive Optical Network PON infrastructures, and based on Open-Source Software OSS. We identify threats and related mitigations through hardening, vulnerability...

7.3AI score

Exploits0

RedhatCVE•added 2025/02/05 1:21 a.m.•7 views

CVE-2024-20483

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager Mongo...

7.2CVSS8.3AI score0.01098EPSS

Exploits0References1

BDU FSTEC•added 2024/10/23 12:0 a.m.•4 views

The vulnerability of the Routed PON Controller Software component in the Cisco IOS XR operating system of Cisco NCS 540 Series Routers, NCS 5500 Series Routers, and NCS 5700 Series Routers allows attackers to execute arbitrary commands.

The vulnerability of the Routed PON Controller Software in Cisco IOS XR routers from the Cisco NCS 540 Series, NCS 5500 Series, and NCS 5700 Series routers exists due to the lack of measures taken to neutralize specific elements used in the operating system commands. Exploiting this vulnerability...

9CVSS6AI score0.01098EPSS

Exploits0References2Affected Software1

NVD•added 2024/09/11 5:15 p.m.•33 views

CVE-2024-20489

A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running...

8.4CVSS0.00144EPSS

Exploits0References1

OSV•added 2024/09/11 5:15 p.m.•5 views

CVE-2024-20483

7.2CVSS6.1AI score0.01098EPSS

Exploits0References1

OSV•added 2024/09/11 5:15 p.m.•2 views

CVE-2024-20489

5.5CVSS5.8AI score0.00144EPSS

Exploits0References1

NVD•added 2024/09/11 5:15 p.m.•18 views

CVE-2024-20483

7.2CVSS0.01098EPSS

Exploits0References1

Vulnrichment•added 2024/09/11 4:39 p.m.•23 views

CVE-2024-20489 Cisco Routed Passive Optical Network Cleartext Password Vulnerability

8.4CVSS6.5AI score0.00144EPSS

Exploits0References1

CVE•added 2024/09/11 4:39 p.m.•62 views

CVE-2024-20489

CVE-2024-20489 affects Cisco IOS XR Software running PON Controller, where the storage of unencrypted database credentials in the configuration files allows an authenticated, local attacker with low privileges to view MongoDB credentials. The root cause is improper storage of credentials on the d...

8.4CVSS6.5AI score0.00144EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by