Sign-up

ID

VAR-201903-0364


CVE

CVE-2019-3920


TITLE

Alcatel Lucent I-240W-Q GPON ONT Command injection vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-002215

DESCRIPTION

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/. Alcatel Lucent I-240W-Q GPON ONT Has a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GPON (Gigabit-CapablePON) technology is the latest generation of broadband passive optical integrated access standard based on ITU-TG.984.x standard. It has many advantages such as high bandwidth, high efficiency, large coverage, rich user interface, etc. Operators are regarded as the ideal technology to realize broadband and integrated transformation of access network services. GPONHomeGateway is a router provided by ISPs for users. A remote command execution vulnerability exists in the GPON router that an attacker can use to execute arbitrary commands. Nokia Alcatel Lucent I-240W-Q GPON ONT is an optical network interruption device of Nokia Corporation of Finland

Trust: 2.25

sources: NVD: CVE-2019-3920 // JVNDB: JVNDB-2019-002215 // CNVD: CNVD-2019-06036 // VULHUB: VHN-155355

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-06036

AFFECTED PRODUCTS

vendor:nokiamodel:i-240w-q gpon ontscope:eqversion:3fe54567bozj19

Trust: 1.8

vendor:dasanmodel:networks gpon home gatewayscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-06036 // JVNDB: JVNDB-2019-002215 // NVD: CVE-2019-3920

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3920
value: HIGH

Trust: 1.0

NVD: CVE-2019-3920
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-06036
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201903-080
value: HIGH

Trust: 0.6

VULHUB: VHN-155355
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3920
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-06036
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-155355
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3920
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-3920
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-06036 // VULHUB: VHN-155355 // JVNDB: JVNDB-2019-002215 // CNNVD: CNNVD-201903-080 // NVD: CVE-2019-3920

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

problemtype:CWE-78

Trust: 1.0

sources: VULHUB: VHN-155355 // JVNDB: JVNDB-2019-002215 // NVD: CVE-2019-3920

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-080

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201903-080

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002215

PATCH
title:Top Pageurl:https://www.nokia.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-002215

EXTERNAL IDS
db:NVDid:CVE-2019-3920
Trust: 3.1
db:TENABLEid:TRA-2019-09
Trust: 2.5
db:JVNDBid:JVNDB-2019-002215
Trust: 0.8
db:CNNVDid:CNNVD-201903-080
Trust: 0.7
db:SEEBUGid:SSVID-978
Trust: 0.6
db:CNVDid:CNVD-2019-06036
Trust: 0.6
db:VULHUBid:VHN-155355
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-06036 // 
            
            
            
            VULHUB: VHN-155355 // 
            
            
            
            JVNDB: JVNDB-2019-002215 // 
            
            
            
            CNNVD: CNNVD-201903-080 // 
            
            
            
            NVD: CVE-2019-3920

REFERENCES
url:https://www.tenable.com/security/research/tra-2019-09
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-3920
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3920
Trust: 0.8
url:https://www.seebug.org/vuldb/ssvid-978
Trust: 0.6
url:https://www.zoomeye.org/searchresult?q=%22gpon%20home%20gateway%
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-06036 // 
            
            
            
            VULHUB: VHN-155355 // 
            
            
            
            JVNDB: JVNDB-2019-002215 // 
            
            
            
            CNNVD: CNNVD-201903-080 // 
            
            
            
            NVD: CVE-2019-3920

SOURCES
db:CNVDid:CNVD-2019-06036
db:VULHUBid:VHN-155355
db:JVNDBid:JVNDB-2019-002215
db:CNNVDid:CNNVD-201903-080
db:NVDid:CVE-2019-3920

LAST UPDATE DATE
2024-11-23T21:37:36.510000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-06036date:2019-04-25T00:00:00
db:VULHUBid:VHN-155355date:2022-12-03T00:00:00
db:JVNDBid:JVNDB-2019-002215date:2019-04-04T00:00:00
db:CNNVDid:CNNVD-201903-080date:2019-03-07T00:00:00
db:NVDid:CVE-2019-3920date:2024-11-21T04:42:51.970

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-06036date:2019-03-04T00:00:00
db:VULHUBid:VHN-155355date:2019-03-05T00:00:00
db:JVNDBid:JVNDB-2019-002215date:2019-04-04T00:00:00
db:CNNVDid:CNNVD-201903-080date:2019-03-05T00:00:00
db:NVDid:CVE-2019-3920date:2019-03-05T21:29:00.413