ID

VAR-201903-0366


CVE

CVE-2019-3922


TITLE

Alcatel Lucent I-240W-Q GPON ONT Buffer error vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-002217

DESCRIPTION

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via a crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetup_Form. An attacker can leverage this vulnerability to potentially execute arbitrary code. The Alcatel Lucent I-240W-Q GPON ONT contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). GPON (Gigabit-Capable PON) technology is the latest generation of broadband passive optical integrated access standards, based on the ITU-T G.984.x standard. It has many advantages, such as high bandwidth, high efficiency, large coverage, and a rich user interface. Operators regard it as the ideal technology for the broadband and integrated transformation of access network services. GPON Home Gateway is a router provided by ISPs for users. An unauthenticated stack overflow vulnerability exists in a GPON router that an attacker can exploit to cause a server crash. Nokia Alcatel Lucent I-240W-Q GPON ONT is an optical network terminal device from Nokia Corporation of Finland.

Trust: 2.25

sources: NVD: CVE-2019-3922 // JVNDB: JVNDB-2019-002217 // CNVD: CNVD-2019-06038 // VULHUB: VHN-155357

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-06038

AFFECTED PRODUCTS

vendor: nokia, model: i-240w-q gpon ont, scope: eq, version: 3fe54567bozj19

Trust: 1.8

vendor: dasan, model: networks gpon home gateway, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-06038 // JVNDB: JVNDB-2019-002217 // NVD: CVE-2019-3922

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3922
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-3922
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-06038
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201903-082
value: CRITICAL

Trust: 0.6

VULHUB: VHN-155357
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-3922
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-06038
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-155357
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3922
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-3922
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-06038 // VULHUB: VHN-155357 // JVNDB: JVNDB-2019-002217 // CNNVD: CNNVD-201903-082 // NVD: CVE-2019-3922

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-155357 // JVNDB: JVNDB-2019-002217 // NVD: CVE-2019-3922

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-082

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201903-082

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002217

PATCH

title: Top Page, url: https://www.nokia.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-002217

EXTERNAL IDS

db: NVD, id: CVE-2019-3922

Trust: 3.1

db: TENABLE, id: TRA-2019-09

Trust: 2.5

db: JVNDB, id: JVNDB-2019-002217

Trust: 0.8

db: CNNVD, id: CNNVD-201903-082

Trust: 0.7

db: SEEBUG, id: SSVID-978

Trust: 0.6

db: CNVD, id: CNVD-2019-06038

Trust: 0.6

db: VULHUB, id: VHN-155357

Trust: 0.1

sources: CNVD: CNVD-2019-06038 // VULHUB: VHN-155357 // JVNDB: JVNDB-2019-002217 // CNNVD: CNNVD-201903-082 // NVD: CVE-2019-3922

REFERENCES

url:https://www.tenable.com/security/research/tra-2019-09

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-3922

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3922

Trust: 0.8

url:https://www.seebug.org/vuldb/ssvid-978

Trust: 0.6

url:https://www.zoomeye.org/searchresult?q=%22gpon%20home%20gateway%

Trust: 0.6

sources: CNVD: CNVD-2019-06038 // VULHUB: VHN-155357 // JVNDB: JVNDB-2019-002217 // CNNVD: CNNVD-201903-082 // NVD: CVE-2019-3922

SOURCES

db: CNVD, id: CNVD-2019-06038
db: VULHUB, id: VHN-155357
db: JVNDB, id: JVNDB-2019-002217
db: CNNVD, id: CNNVD-201903-082
db: NVD, id: CVE-2019-3922

LAST UPDATE DATE

2024-11-23T21:37:36.387000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-06038, date: 2019-04-25T00:00:00
db: VULHUB, id: VHN-155357, date: 2020-10-19T00:00:00
db: JVNDB, id: JVNDB-2019-002217, date: 2019-04-04T00:00:00
db: CNNVD, id: CNNVD-201903-082, date: 2020-10-20T00:00:00
db: NVD, id: CVE-2019-3922, date: 2024-11-21T04:42:52.213

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-06038, date: 2019-03-04T00:00:00
db: VULHUB, id: VHN-155357, date: 2019-03-05T00:00:00
db: JVNDB, id: JVNDB-2019-002217, date: 2019-04-04T00:00:00
db: CNNVD, id: CNNVD-201903-082, date: 2019-03-05T00:00:00
db: NVD, id: CVE-2019-3922, date: 2019-03-05T21:29:00.493