ID

VAR-201903-0365


CVE

CVE-2019-3921


TITLE

Alcatel Lucent I-240W-Q GPON ONT Buffer error vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-002216

DESCRIPTION

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via a crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially execute arbitrary code. The Alcatel Lucent I-240W-Q GPON ONT contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). GPON (Gigabit-Capable PON) technology is the latest generation of broadband passive optical integrated access standard, based on the ITU-T G.984.x standard. It has many advantages, such as high bandwidth, high efficiency, large coverage, and a rich user interface. Operators regard it as the ideal technology to realize broadband and integrated transformation of access network services. GPON Home Gateway is a router provided by ISPs for users. There is an authentication stack overflow vulnerability in the GPON router, which can be exploited by an attacker to cause the server to crash. Nokia Alcatel Lucent I-240W-Q GPON ONT is an optical network terminal (ONT) device of Nokia Corporation of Finland.

Trust: 2.34

sources: NVD: CVE-2019-3921 // JVNDB: JVNDB-2019-002216 // CNVD: CNVD-2019-06037 // VULHUB: VHN-155356 // VULMON: CVE-2019-3921

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-06037

AFFECTED PRODUCTS

vendor: nokia, model: i-240w-q gpon ont, scope: eq, version: 3fe54567bozj19

Trust: 1.8

vendor: dasan, model: networks gpon home gateway, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-06037 // JVNDB: JVNDB-2019-002216 // NVD: CVE-2019-3921

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3921
value: HIGH

Trust: 1.0

NVD: CVE-2019-3921
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-06037
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201903-081
value: HIGH

Trust: 0.6

VULHUB: VHN-155356
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-3921
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3921
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-06037
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-155356
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3921
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-3921
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-06037 // VULHUB: VHN-155356 // VULMON: CVE-2019-3921 // JVNDB: JVNDB-2019-002216 // CNNVD: CNNVD-201903-081 // NVD: CVE-2019-3921

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-155356 // JVNDB: JVNDB-2019-002216 // NVD: CVE-2019-3921

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-081

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201903-081

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002216

PATCH

title: Top Page, url: https://www.nokia.com/

Trust: 0.8

title: Exp101tsArchiv30thers, url: https://github.com/nu11secur1ty/Exp101tsArchiv30thers

Trust: 0.1

title: -, url: https://github.com/lnick2023/nicenice

Trust: 0.1

title: awesome-cve-poc_qazbnm456, url: https://github.com/xbl3/awesome-cve-poc_qazbnm456

Trust: 0.1

sources: VULMON: CVE-2019-3921 // JVNDB: JVNDB-2019-002216

EXTERNAL IDS

db: NVD, id: CVE-2019-3921

Trust: 3.2

db: TENABLE, id: TRA-2019-09

Trust: 2.6

db: EXPLOIT-DB, id: 46469

Trust: 1.8

db: JVNDB, id: JVNDB-2019-002216

Trust: 0.8

db: CNNVD, id: CNNVD-201903-081

Trust: 0.7

db: SEEBUG, id: SSVID-978

Trust: 0.6

db: CNVD, id: CNVD-2019-06037

Trust: 0.6

db: VULHUB, id: VHN-155356

Trust: 0.1

db: VULMON, id: CVE-2019-3921

Trust: 0.1

sources: CNVD: CNVD-2019-06037 // VULHUB: VHN-155356 // VULMON: CVE-2019-3921 // JVNDB: JVNDB-2019-002216 // CNNVD: CNNVD-201903-081 // NVD: CVE-2019-3921

REFERENCES

url:https://www.tenable.com/security/research/tra-2019-09

Trust: 2.6

url:https://www.exploit-db.com/exploits/46469/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-3921

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3921

Trust: 0.8

url:https://www.seebug.org/vuldb/ssvid-978

Trust: 0.6

url:https://www.zoomeye.org/searchresult?q=%22gpon%20home%20gateway%

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/nu11secur1ty/exp101tsarchiv30thers

Trust: 0.1

sources: CNVD: CNVD-2019-06037 // VULHUB: VHN-155356 // VULMON: CVE-2019-3921 // JVNDB: JVNDB-2019-002216 // CNNVD: CNNVD-201903-081 // NVD: CVE-2019-3921

SOURCES

db: CNVD, id: CNVD-2019-06037
db: VULHUB, id: VHN-155356
db: VULMON, id: CVE-2019-3921
db: JVNDB, id: JVNDB-2019-002216
db: CNNVD, id: CNNVD-201903-081
db: NVD, id: CVE-2019-3921

LAST UPDATE DATE

2024-11-23T21:37:36.540000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-06037, date: 2019-04-25T00:00:00
db: VULHUB, id: VHN-155356, date: 2020-10-19T00:00:00
db: VULMON, id: CVE-2019-3921, date: 2020-10-19T00:00:00
db: JVNDB, id: JVNDB-2019-002216, date: 2019-04-04T00:00:00
db: CNNVD, id: CNNVD-201903-081, date: 2020-10-20T00:00:00
db: NVD, id: CVE-2019-3921, date: 2024-11-21T04:42:52.093

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-06037, date: 2019-03-04T00:00:00
db: VULHUB, id: VHN-155356, date: 2019-03-05T00:00:00
db: VULMON, id: CVE-2019-3921, date: 2019-03-05T00:00:00
db: JVNDB, id: JVNDB-2019-002216, date: 2019-04-04T00:00:00
db: CNNVD, id: CNNVD-201903-081, date: 2019-03-05T00:00:00
db: NVD, id: CVE-2019-3921, date: 2019-03-05T21:29:00.447