CVE-2019-3922
Published 2019-03-05
Priority P266 · critical · 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 5.24% (91.5th percentile)
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetup_Form. An attacker can leverage this vulnerability to potentially execute arbitrary code.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nokia | i-240w-q_gpon_ont_firmware | — | — |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.29 | 5.5.9+dfsg-1ubuntu4.29 |
| tenable | alcatel_lucent_i-240w-q_gpon_ont | — | — |
CVSS provenance
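| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |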
GHSA
GHSA-j9q7-p3q3-f2xh
ghsa_unreviewed·2022-05-13
CVE-2019-3922 [CRITICAL] CWE-787 GHSA-j9q7-p3q3-f2xh
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetup_Form. An attacker can leverage this vulnerability to potentially execute arbitrary code.
OSV
php5 vulnerabilities
osv·2019-04-23·CVSS 7.5
CVE-2019-9022 php5 vulnerabilities
USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS.
It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-9022)
It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-9675)
Original advisory details:
It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641)
No detection rules found.
No public exploits indexed.
Tenable
Tenable Research Discovers Remote Code Execution Vulnerabilities in GPON Routers
blogs_tenable·2019-02-27·CVSS 7.5
[HIGH] Tenable Research Discovers Remote Code Execution Vulnerabilities in GPON Routers
# Tenable Research Discovers Remote Code Execution Vulnerabilities in GPON Routers
Tenable Research
February 27, 2019
Tenable Research has discovered six new vulnerabilities in Nokia (Alcatel-Lucent) I-240W-Q GPON routers that can provide an attacker with telnet access, DoS the target, or run arbitrary code.
### Background
Nokia (Alcatel-Lucent) I-240W-Q Gigabit Passive Optical Network (GPON) routers are designed to replace standard copper networks. These routers have become an attractive target for botnets, and turnaround from disclosure to attack is almost immediate.
Tenable researcher Artem Metla has discovered six new vulnerabilities in Nokia (Alcatel-Lucent) I-240W-Q GPON routers (CVE-2019-3917, CVE-2019-3918, CVE-2019-3919, CVE-2019-3920, CVE
Tenable
Nokia GPON ONT Multiple Vulnerabilities
blogs_tenable·2019-02-27