Skip to main content

Nokia

57 CVEs vendor

Monthly

CVE-2025-7406 HIGH This Week

Local privilege escalation in Nokia MantaRay NM (network management) lets an attacker who already holds local administrative privileges abuse a misconfigured sudo command set to obtain full root access on the host, gaining complete control of the filesystem and arbitrary root command execution. The flaw was reported by Nokia and affects versions prior to NM 25R1-NM, with no public exploit identified at time of analysis and a low EPSS exploitation probability of 0.17%.

Privilege Escalation Nokia Mantaray Nm
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-24816 MEDIUM PATCH This Month

Insufficient authorization enforcement in the Nokia MantaRay NM API allows authenticated low-privilege users to retrieve confidential data beyond their assigned role boundaries. Affected are all Nokia MantaRay NM deployments running versions prior to 25R2-NM, a telecom-focused network management platform. No public exploit code or CISA KEV listing has been identified; with EPSS at 0.18% (7th percentile), real-world exploitation pressure is currently low, though the high confidentiality impact and low attack complexity make patching a priority for any operator with untrusted authenticated users.

Authentication Bypass Nokia Mantaray Nm
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24815 HIGH PATCH This Week

Arbitrary file upload in Nokia MantaRay NM (network management) prior to 25R2-NM allows an authenticated, low-privileged attacker to bypass insufficient file-type validation and place malicious files on the host, leading to full compromise of confidentiality, integrity, and availability (CVSS 7.8). The flaw is a CWE-434 unrestricted upload; the CVSS vector specifies a local attack vector (AV:L) rather than remote network exploitation. No public exploit identified at time of analysis, and the EPSS score is very low (0.18%, 7th percentile).

Nokia File Upload Mantaray Nm
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-9912 MEDIUM PATCH This Month

Local privilege escalation in Nokia SR Linux (multiple release branches prior to 23.10.8, 24.10.6, and 25.7.2) allows an authenticated local user to execute arbitrary commands with superuser (root) privilege. Rooted in CWE-269 (Improper Privilege Management), this flaw enables a user who has already obtained a local session on the network OS to break out of their assigned privilege boundary and gain full control of the system. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, Nokia has confirmed a patch and self-reported the issue.

Privilege Escalation Nokia Nokia Sr Linux
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-10262 MEDIUM PATCH This Month

Local privilege escalation in Nokia SR Linux affects multiple release trains and allows an already-authenticated user holding elevated local privileges to execute arbitrary commands as superuser by exploiting unsanitized format string handling (CWE-134). The attack vector is local and requires high prior privileges (CVSS AV:L/PR:H), significantly limiting the exposure surface compared to a network-exploitable flaw. No public exploit code and no CISA KEV listing have been identified at time of analysis; Nokia has released patches across all affected branch lines.

Privilege Escalation Nokia Sr Linux
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2022-45899 MEDIUM POC This Month

Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia Command Injection
NVD Exploit-DB VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2025-24819 MEDIUM This Month

Relative path traversal in Nokia MantaRay NM Software Manager allows authenticated local network attackers to read sensitive files on the affected system. The vulnerability stems from improper validation of input parameters in the file system handling code, enabling an attacker with local network access and low privileges to enumerate and access files outside the intended directory structure without modifying or disrupting them. No public exploit code or active exploitation has been confirmed at the time of analysis.

Nokia Path Traversal
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-24818 HIGH This Week

OS command injection in Nokia MantaRay NM Log Search application allows authenticated adjacent network attackers to execute arbitrary OS commands with high impact to confidentiality, integrity, and availability. The vulnerability affects versions prior to 25R1-NM due to improper neutralization of special elements in OS commands (CWE-77). CVSS score of 8.0 reflects high severity with low attack complexity requiring low-level authentication from adjacent network position. No public exploit identified at time of analysis, though command injection vulnerabilities are well-understood and relatively straightforward to exploit once access requirements are met.

Nokia Command Injection
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-24817 HIGH This Week

OS command injection in Nokia MantaRay NM Symptom Collector application allows authenticated adjacent network attackers to execute arbitrary OS commands with high confidentiality, integrity, and availability impact. The vulnerability affects all versions prior to 25R1-NM and requires low-privilege authenticated access over adjacent network with low attack complexity. No public exploit identified at time of analysis, with EPSS exploitation probability at 0.06% (19th percentile), indicating relatively low observed real-world exploitation likelihood despite the high CVSS score.

Command Injection Nokia
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-21821 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fbdev: omap: use threaded IRQ for LCD DMA When using touchscreen and framebuffer, Nokia 770 crashes easily with: BUG: scheduling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Nokia Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-41355 CRITICAL Act Now

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nokia G 040W Q Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-41354 MEDIUM This Month

Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nokia G 040W Q Firmware
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-41353 HIGH This Week

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nokia Brute Force G 040W Q Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-41352 HIGH This Week

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia Command Injection G 040W Q Firmware
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-41351 CRITICAL Act Now

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nokia Authentication Bypass G 040W Q Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-41350 CRITICAL Act Now

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nokia Authentication Bypass G 040W Q Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-22618 HIGH This Week

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nokia Authentication Bypass Wavelite Metro 200 And Fan Firmware Wavelite Metro 200 Ops And Fans Firmware Wavelite Metro 200 And F2B Fans Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41376 HIGH POC This Week

Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nokia Service Router Linux Service Router Operating System
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-25187 HIGH POC This Week

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Nokia Authentication Bypass Asika Airscale Firmware
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
1.0%
CVE-2023-25188 HIGH This Week

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nokia Asika Airscale Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-25186 LOW Monitor

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Nokia Asika Airscale Firmware
NVD
CVSS 3.1
2.8
EPSS
0.2%
CVE-2023-25185 HIGH This Week

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nokia Asika Airscale Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-26062 HIGH This Week

A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nokia Web Element Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26058 MEDIUM This Month

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Nokia CSRF Netact
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-26057 MEDIUM This Month

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Nokia CSRF Netact
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-26059 MEDIUM This Month

An issue was discovered in Nokia NetAct before 22 SP1037. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia XSS Netact
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26061 MEDIUM This Month

An issue was discovered in Nokia NetAct before 22 FP2211. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia XSS CSRF Netact
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26060 HIGH This Week

An issue was discovered in Nokia NetAct before 22 FP2211. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Nokia CSRF Netact
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-36222 HIGH POC This Week

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia Authentication Bypass Fastmile Firmware
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2022-36221 MEDIUM POC This Month

Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nokia Fastmile Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-28866 HIGH POC This Week

Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Nokia Airframe Bmc Web Gui R18 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-40715 MEDIUM This Month

An issue was discovered in NOKIA 1350OMS R14.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nokia 1350 Optical Management System
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-40714 MEDIUM This Month

An issue was discovered in NOKIA 1350OMS R14.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nokia 1350 Optical Management System
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-40713 MEDIUM This Month

An issue was discovered in NOKIA 1350OMS R14.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nokia 1350 Optical Management System
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-40712 MEDIUM This Month

An issue was discovered in NOKIA 1350OMS R14.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nokia 1350 Optical Management System
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-38788 MEDIUM POC This Month

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nokia Fastmile 5G Receiver Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-39821 HIGH This Week

In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nokia 1350 Optical Management System
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-39819 HIGH This Week

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia Command Injection 1350 Optical Management System
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-39817 HIGH This Week

In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia SQLi 1350 Optical Management System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-39816 MEDIUM This Month

In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nokia 1350 Optical Management System
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-39815 CRITICAL Act Now

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nokia Command Injection 1350 Optical Management System
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-39814 MEDIUM This Month

In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nokia Open Redirect 1350 Optical Management System
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-30903 MEDIUM POC This Month

Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia XSS G 2425G A Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-45896 HIGH POC This Week

Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Nokia Fastmile Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-30003 MEDIUM POC This Month

An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nokia G 120W F Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-26597 MEDIUM POC This Month

An issue was discovered in Nokia NetAct 18A. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia File Upload Netact
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-26596 MEDIUM POC This Month

An issue was discovered in Nokia NetAct 18A. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nokia Netact
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-17406 MEDIUM POC This Month

Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia Path Traversal Impact
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-17405 MEDIUM POC This Month

Nokia IMPACT < 18A: has Reflected self XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia XSS Impact
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-17404 MEDIUM POC This Month

Nokia IMPACT < 18A: allows full path disclosure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia Path Traversal Impact
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-17403 HIGH POC This Week

Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia File Upload RCE Impact
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-7386 MEDIUM POC This Month

A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia RCE Denial Of Service Kaios 8810 4G Firmware
NVD VulDB
CVSS 3.0
6.5
EPSS
2.5%
CVE-2015-6929 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Nokia Siemens Vantage Commander
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1750 MEDIUM POC This Month

Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect WordPress Nokia PHP XSS +1
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2014-6602 MEDIUM POC This Month

Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Nokia Privilege Escalation Microsoft Nokia Asha 501 Software Nokia Asha 501
NVD
CVSS 2.0
6.6
EPSS
0.7%
CVE-2012-2619 HIGH POC THREAT Act Now

The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%.

Broadcom Denial Of Service Buffer Overflow Samsung Apple +4
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
26.5%
CVE-2012-2442 MEDIUM POC THREAT This Month

Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.1%.

Buffer Overflow Denial Of Service Nokia Pc Suite
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
15.1%
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Nokia MantaRay NM (network management) lets an attacker who already holds local administrative privileges abuse a misconfigured sudo command set to obtain full root access on the host, gaining complete control of the filesystem and arbitrary root command execution. The flaw was reported by Nokia and affects versions prior to NM 25R1-NM, with no public exploit identified at time of analysis and a low EPSS exploitation probability of 0.17%.

Privilege Escalation Nokia Mantaray Nm
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Insufficient authorization enforcement in the Nokia MantaRay NM API allows authenticated low-privilege users to retrieve confidential data beyond their assigned role boundaries. Affected are all Nokia MantaRay NM deployments running versions prior to 25R2-NM, a telecom-focused network management platform. No public exploit code or CISA KEV listing has been identified; with EPSS at 0.18% (7th percentile), real-world exploitation pressure is currently low, though the high confidentiality impact and low attack complexity make patching a priority for any operator with untrusted authenticated users.

Authentication Bypass Nokia Mantaray Nm
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary file upload in Nokia MantaRay NM (network management) prior to 25R2-NM allows an authenticated, low-privileged attacker to bypass insufficient file-type validation and place malicious files on the host, leading to full compromise of confidentiality, integrity, and availability (CVSS 7.8). The flaw is a CWE-434 unrestricted upload; the CVSS vector specifies a local attack vector (AV:L) rather than remote network exploitation. No public exploit identified at time of analysis, and the EPSS score is very low (0.18%, 7th percentile).

Nokia File Upload Mantaray Nm
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Local privilege escalation in Nokia SR Linux (multiple release branches prior to 23.10.8, 24.10.6, and 25.7.2) allows an authenticated local user to execute arbitrary commands with superuser (root) privilege. Rooted in CWE-269 (Improper Privilege Management), this flaw enables a user who has already obtained a local session on the network OS to break out of their assigned privilege boundary and gain full control of the system. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, Nokia has confirmed a patch and self-reported the issue.

Privilege Escalation Nokia Nokia Sr Linux
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Local privilege escalation in Nokia SR Linux affects multiple release trains and allows an already-authenticated user holding elevated local privileges to execute arbitrary commands as superuser by exploiting unsanitized format string handling (CWE-134). The attack vector is local and requires high prior privileges (CVSS AV:L/PR:H), significantly limiting the exposure surface compared to a network-exploitable flaw. No public exploit code and no CISA KEV listing have been identified at time of analysis; Nokia has released patches across all affected branch lines.

Privilege Escalation Nokia Sr Linux
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia Command Injection
NVD Exploit-DB VulDB
EPSS 0% CVSS 5.7
MEDIUM This Month

Relative path traversal in Nokia MantaRay NM Software Manager allows authenticated local network attackers to read sensitive files on the affected system. The vulnerability stems from improper validation of input parameters in the file system handling code, enabling an attacker with local network access and low privileges to enumerate and access files outside the intended directory structure without modifying or disrupting them. No public exploit code or active exploitation has been confirmed at the time of analysis.

Nokia Path Traversal
NVD
EPSS 0% CVSS 8.0
HIGH This Week

OS command injection in Nokia MantaRay NM Log Search application allows authenticated adjacent network attackers to execute arbitrary OS commands with high impact to confidentiality, integrity, and availability. The vulnerability affects versions prior to 25R1-NM due to improper neutralization of special elements in OS commands (CWE-77). CVSS score of 8.0 reflects high severity with low attack complexity requiring low-level authentication from adjacent network position. No public exploit identified at time of analysis, though command injection vulnerabilities are well-understood and relatively straightforward to exploit once access requirements are met.

Nokia Command Injection
NVD
EPSS 0% CVSS 8.0
HIGH This Week

OS command injection in Nokia MantaRay NM Symptom Collector application allows authenticated adjacent network attackers to execute arbitrary OS commands with high confidentiality, integrity, and availability impact. The vulnerability affects all versions prior to 25R1-NM and requires low-privilege authenticated access over adjacent network with low attack complexity. No public exploit identified at time of analysis, with EPSS exploitation probability at 0.06% (19th percentile), indicating relatively low observed real-world exploitation likelihood despite the high CVSS score.

Command Injection Nokia
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fbdev: omap: use threaded IRQ for LCD DMA When using touchscreen and framebuffer, Nokia 770 crashes easily with: BUG: scheduling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Nokia Denial Of Service +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nokia G 040W Q Firmware
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nokia G 040W Q Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nokia Brute Force +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia Command Injection G 040W Q Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nokia Authentication Bypass G 040W Q Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nokia Authentication Bypass G 040W Q Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nokia Authentication Bypass Wavelite Metro 200 And Fan Firmware +5
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nokia Service Router Linux +1
NVD
EPSS 1% CVSS 7.0
HIGH POC This Week

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Nokia Authentication Bypass Asika Airscale Firmware
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nokia Asika Airscale Firmware
NVD
EPSS 0% CVSS 2.8
LOW Monitor

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Nokia Asika Airscale Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nokia Asika Airscale Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nokia Web Element Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Nokia CSRF +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Nokia CSRF +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

An issue was discovered in Nokia NetAct before 22 SP1037. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia XSS Netact
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

An issue was discovered in Nokia NetAct before 22 FP2211. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia XSS CSRF +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in Nokia NetAct before 22 FP2211. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Nokia +2
NVD
EPSS 0% CVSS 8.4
HIGH POC This Week

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia Authentication Bypass Fastmile Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nokia Fastmile Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Nokia +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in NOKIA 1350OMS R14.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nokia 1350 Optical Management System
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered in NOKIA 1350OMS R14.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nokia 1350 Optical Management System
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in NOKIA 1350OMS R14.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nokia 1350 Optical Management System
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered in NOKIA 1350OMS R14.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nokia 1350 Optical Management System
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nokia Fastmile 5G Receiver Firmware
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nokia 1350 Optical Management System
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia Command Injection 1350 Optical Management System
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia SQLi 1350 Optical Management System
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nokia 1350 Optical Management System
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nokia Command Injection 1350 Optical Management System
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nokia Open Redirect 1350 Optical Management System
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia XSS G 2425G A Firmware
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Nokia Fastmile Firmware
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nokia G 120W F Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in Nokia NetAct 18A. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia File Upload Netact
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An issue was discovered in Nokia NetAct 18A. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nokia Netact
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia Path Traversal Impact
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Nokia IMPACT < 18A: has Reflected self XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia XSS Impact
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Nokia IMPACT < 18A: allows full path disclosure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia Path Traversal Impact
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia File Upload RCE +1
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia RCE Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Nokia Siemens +1
NVD
EPSS 0% CVSS 5.8
MEDIUM POC This Month

Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect WordPress Nokia +3
NVD
EPSS 1% CVSS 6.6
MEDIUM POC This Month

Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Nokia Privilege Escalation Microsoft +2
NVD
EPSS 27% CVSS 7.8
HIGH POC THREAT Act Now

The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%.

Broadcom Denial Of Service Buffer Overflow +6
NVD Exploit-DB
EPSS 15% CVSS 4.3
MEDIUM POC THREAT This Month

Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.1%.

Buffer Overflow Denial Of Service Nokia +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy