CVE-2019-3920MEDIUM
Description
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/.
References
Details
Source: MITRE
Published: 2019-03-05
Updated: 2019-10-09
Type: CWE-77
Risk Information
CVSS v2.0
Base Score: 6.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8
Severity: MEDIUM
CVSS v3.0
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH
Vulnerable Software
Configuration 1
AND
OR
cpe:2.3:o:nokia:i-240w-q_gpon_ont_firmware:3fe54567bozj19:*:*:*:*:*:*:*
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 123419 | GPON ONT Home Gateway Authenticated Remote Command Execution (CVE-2019-3920) | Nessus | Web Servers | medium |