Sign-up

ID

VAR-201903-0361


CVE

CVE-2019-3917


TITLE

Alcatel Lucent I-240W-Q GPON ONT Vulnerabilities related to access control in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-002212

DESCRIPTION

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request. Alcatel Lucent I-240W-Q GPON ONT There is an access control vulnerability in the firmware.Information may be tampered with. GPON (Gigabit-CapablePON) technology is the latest generation of broadband passive optical integrated access standard based on ITU-TG.984.x standard. It has many advantages such as high bandwidth, high efficiency, large coverage, rich user interface, etc. Operators are regarded as the ideal technology to realize broadband and integrated transformation of access network services. GPONHomeGateway is a router provided by ISPs for users. The GPON router has a remote unauthenticated enable/disable Telnet service vulnerability that can be exploited by an attacker to enable/disable the Telnet service without authentication. Nokia Alcatel Lucent I-240W-Q GPON ONT is an optical network interruption device of Nokia Corporation of Finland. A security vulnerability exists in Nokia Alcatel Lucent I-240W-Q GPON ONTs using firmware version 3FE54567BOZJ19

Trust: 2.25

sources: NVD: CVE-2019-3917 // JVNDB: JVNDB-2019-002212 // CNVD: CNVD-2019-06040 // VULHUB: VHN-155352

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-06040

AFFECTED PRODUCTS

vendor:nokiamodel:i-240w-q gpon ontscope:eqversion:3fe54567bozj19

Trust: 1.8

vendor:dasanmodel:networks gpon home gatewayscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-06040 // JVNDB: JVNDB-2019-002212 // NVD: CVE-2019-3917

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3917
value: HIGH

Trust: 1.0

NVD: CVE-2019-3917
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-06040
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201903-077
value: HIGH

Trust: 0.6

VULHUB: VHN-155352
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3917
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-06040
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-155352
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3917
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-3917
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-06040 // VULHUB: VHN-155352 // JVNDB: JVNDB-2019-002212 // CNNVD: CNNVD-201903-077 // NVD: CVE-2019-3917

PROBLEMTYPE DATA

problemtype:CWE-425

Trust: 1.1

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-155352 // JVNDB: JVNDB-2019-002212 // NVD: CVE-2019-3917

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-077

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201903-077

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002212

PATCH
title:Top Pageurl:https://www.nokia.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-002212

EXTERNAL IDS
db:NVDid:CVE-2019-3917
Trust: 3.1
db:TENABLEid:TRA-2019-09
Trust: 2.5
db:JVNDBid:JVNDB-2019-002212
Trust: 0.8
db:CNNVDid:CNNVD-201903-077
Trust: 0.7
db:SEEBUGid:SSVID-978
Trust: 0.6
db:CNVDid:CNVD-2019-06040
Trust: 0.6
db:VULHUBid:VHN-155352
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-06040 // 
            
            
            
            VULHUB: VHN-155352 // 
            
            
            
            JVNDB: JVNDB-2019-002212 // 
            
            
            
            CNNVD: CNNVD-201903-077 // 
            
            
            
            NVD: CVE-2019-3917

REFERENCES
url:https://www.tenable.com/security/research/tra-2019-09
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-3917
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3917
Trust: 0.8
url:https://www.seebug.org/vuldb/ssvid-978
Trust: 0.6
url:https://www.zoomeye.org/searchresult?q=%22gpon%20home%20gateway%
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-06040 // 
            
            
            
            VULHUB: VHN-155352 // 
            
            
            
            JVNDB: JVNDB-2019-002212 // 
            
            
            
            CNNVD: CNNVD-201903-077 // 
            
            
            
            NVD: CVE-2019-3917

SOURCES
db:CNVDid:CNVD-2019-06040
db:VULHUBid:VHN-155352
db:JVNDBid:JVNDB-2019-002212
db:CNNVDid:CNNVD-201903-077
db:NVDid:CVE-2019-3917

LAST UPDATE DATE
2024-11-23T21:37:36.417000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-06040date:2019-04-25T00:00:00
db:VULHUBid:VHN-155352date:2020-10-19T00:00:00
db:JVNDBid:JVNDB-2019-002212date:2019-04-04T00:00:00
db:CNNVDid:CNNVD-201903-077date:2020-10-20T00:00:00
db:NVDid:CVE-2019-3917date:2024-11-21T04:42:51.600

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-06040date:2019-03-04T00:00:00
db:VULHUBid:VHN-155352date:2019-03-05T00:00:00
db:JVNDBid:JVNDB-2019-002212date:2019-04-04T00:00:00
db:CNNVDid:CNNVD-201903-077date:2019-03-05T00:00:00
db:NVDid:CVE-2019-3917date:2019-03-05T21:29:00.290