Sign-up

ID

VAR-201903-0363


CVE

CVE-2019-3919


TITLE

Alcatel Lucent I-240W-Q GPON ONT Command injection vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-002214

DESCRIPTION

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/. Alcatel Lucent I-240W-Q GPON ONT Has a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GPON (Gigabit-CapablePON) technology is the latest generation of broadband passive optical integrated access standard based on ITU-TG.984.x standard. It has many advantages such as high bandwidth, high efficiency, large coverage, rich user interface, etc. Operators are regarded as the ideal technology to realize broadband and integrated transformation of access network services. GPONHomeGateway is a router provided by ISPs for users. A remote command execution vulnerability exists in the GPON router that an attacker can use to execute arbitrary commands. Nokia Alcatel Lucent I-240W-Q GPON ONT is an optical network interruption device of Nokia Corporation of Finland

Trust: 2.25

sources: NVD: CVE-2019-3919 // JVNDB: JVNDB-2019-002214 // CNVD: CNVD-2019-06035 // VULHUB: VHN-155354

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-06035

AFFECTED PRODUCTS

vendor:nokiamodel:i-240w-q gpon ontscope:eqversion:3fe54567bozj19

Trust: 1.8

vendor:dasanmodel:networks gpon home gatewayscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-06035 // JVNDB: JVNDB-2019-002214 // NVD: CVE-2019-3919

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3919
value: HIGH

Trust: 1.0

NVD: CVE-2019-3919
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-06035
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201903-079
value: HIGH

Trust: 0.6

VULHUB: VHN-155354
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3919
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-06035
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-155354
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3919
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-3919
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-06035 // VULHUB: VHN-155354 // JVNDB: JVNDB-2019-002214 // CNNVD: CNNVD-201903-079 // NVD: CVE-2019-3919

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

problemtype:CWE-78

Trust: 1.0

sources: VULHUB: VHN-155354 // JVNDB: JVNDB-2019-002214 // NVD: CVE-2019-3919

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-079

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201903-079

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002214

PATCH
title:Top Pageurl:https://www.nokia.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-002214

EXTERNAL IDS
db:NVDid:CVE-2019-3919
Trust: 3.1
db:TENABLEid:TRA-2019-09
Trust: 2.5
db:JVNDBid:JVNDB-2019-002214
Trust: 0.8
db:CNNVDid:CNNVD-201903-079
Trust: 0.7
db:SEEBUGid:SSVID-978
Trust: 0.6
db:CNVDid:CNVD-2019-06035
Trust: 0.6
db:VULHUBid:VHN-155354
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-06035 // 
            
            
            
            VULHUB: VHN-155354 // 
            
            
            
            JVNDB: JVNDB-2019-002214 // 
            
            
            
            CNNVD: CNNVD-201903-079 // 
            
            
            
            NVD: CVE-2019-3919

REFERENCES
url:https://www.tenable.com/security/research/tra-2019-09
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-3919
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3919
Trust: 0.8
url:https://www.seebug.org/vuldb/ssvid-978
Trust: 0.6
url:https://www.zoomeye.org/searchresult?q=%22gpon%20home%20gateway%
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-06035 // 
            
            
            
            VULHUB: VHN-155354 // 
            
            
            
            JVNDB: JVNDB-2019-002214 // 
            
            
            
            CNNVD: CNNVD-201903-079 // 
            
            
            
            NVD: CVE-2019-3919

SOURCES
db:CNVDid:CNVD-2019-06035
db:VULHUBid:VHN-155354
db:JVNDBid:JVNDB-2019-002214
db:CNNVDid:CNNVD-201903-079
db:NVDid:CVE-2019-3919

LAST UPDATE DATE
2024-11-23T21:37:36.446000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-06035date:2019-04-25T00:00:00
db:VULHUBid:VHN-155354date:2022-12-03T00:00:00
db:JVNDBid:JVNDB-2019-002214date:2019-04-04T00:00:00
db:CNNVDid:CNNVD-201903-079date:2019-03-07T00:00:00
db:NVDid:CVE-2019-3919date:2024-11-21T04:42:51.840

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-06035date:2019-03-04T00:00:00
db:VULHUBid:VHN-155354date:2019-03-05T00:00:00
db:JVNDBid:JVNDB-2019-002214date:2019-04-04T00:00:00
db:CNNVDid:CNNVD-201903-079date:2019-03-05T00:00:00
db:NVDid:CVE-2019-3919date:2019-03-05T21:29:00.367