Chunghwa Telecom Nokia G-040W-Q vulnerabilities
6 known vulnerabilities affecting chunghwa_telecom/nokia_g-040w-q.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-41351P2CRITICALCVSS 9.8vG040WQR2012072023-11-03
CVE-2023-41351 [CRITICAL] CWE-288 CVE-2023-41351: Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauth
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitra
nvd
CVE-2023-41350P3CRITICALCVSS 9.8vG040WQR2012072023-11-03
CVE-2023-41350 [CRITICAL] CWE-307 CVE-2023-41350: Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple fai
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks.
nvd
CVE-2023-41355P3CRITICALCVSS 9.8vG040WQR2012072023-11-03
CVE-2023-41355 [CRITICAL] CWE-940 CVE-2023-41355: Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP r
Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking.
nvd
CVE-2023-41353P3HIGHCVSS 8.8vG040WQR2012072023-11-03
CVE-2023-41353 [HIGH] CWE-521 CVE-2023-41353: Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service.
nvd
CVE-2023-41352P3HIGHCVSS 7.2vG040WQR2012072023-11-03
CVE-2023-41352 [HIGH] CWE-78 CVE-2023-41352: Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remo
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
nvd
CVE-2023-41354P4MEDIUMCVSS 5.3vG040WQR2012072023-11-03
CVE-2023-41354 [MEDIUM] CWE-200 CVE-2023-41354: Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default,
Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, resulting in partially sensitive information exposed to an actor.
nvd