57
CVEs
4
Critical
21
High
0
KEV
22
PoC
24
Unpatched C/H
8.8%
Patch Rate
1.4%
Avg EPSS
Severity Breakdown
CRITICAL
4
HIGH
21
MEDIUM
31
LOW
1
Monthly CVE Trend
Affected Products (30)
1350 Optical Management System
10
Netact
7
G 040W Q Firmware
6
Impact
4
Asika Airscale Firmware
4
Mantaray Nm
3
Fastmile Firmware
3
Open Redirect
2
G 120W F Firmware
1
Brute Force
1
Nokia Asha 501 Software
1
Wavelite Metro 200 And F2B Fans Firmware
1
Sr Linux
1
Nokia Maps Places
1
Bcm4329
1
Iphone Os
1
G 2425G A Firmware
1
Wavelite Metro 200 Ops And Fans Firmware
1
Service Router Linux
1
Service Router Operating System
1
Bcm4325
1
Vantage Commander
1
Airframe Bmc Web Gui R18 Firmware
1
Fastmile 5G Receiver Firmware
1
Nokia Sr Linux
1
Linux Kernel
1
Nokia Asha 501
1
Wavelite Metro 200 Ne Ops And F2B Fans Firmware
1
Pc Suite
1
Wavelite Metro 200 Ne And F2B Fans Firmware
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2012-2619 | The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%. | HIGH | 7.8 | 26.5% | 86 |
PoC
No patch
|
| CVE-2019-17403 | Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.8 | 2.5% | 64 |
PoC
No patch
|
| CVE-2021-45896 | Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.8 | 1.6% | 64 |
PoC
No patch
|
| CVE-2022-28866 | Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.8 | 1.0% | 64 |
PoC
No patch
|
| CVE-2022-36222 | Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.4 | 0.3% | 62 |
PoC
No patch
|
| CVE-2023-41376 | Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.5 | 0.7% | 58 |
PoC
No patch
|
| CVE-2012-2442 | Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.1%. | MEDIUM | 4.3 | 15.1% | 57 |
PoC
No patch
|
| CVE-2019-7386 | A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 6.5 | 2.5% | 55 |
PoC
No patch
|
| CVE-2023-25187 | An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available. | HIGH | 7.0 | 1.0% | 55 |
PoC
No patch
|
| CVE-2014-6602 | Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 6.6 | 0.7% | 54 |
PoC
No patch
|
| CVE-2022-45899 | Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 6.5 | 0.9% | 53 |
PoC
No patch
|
| CVE-2021-26597 | An issue was discovered in Nokia NetAct 18A. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 6.5 | 1.4% | 52 |
PoC
No patch
|
| CVE-2022-36221 | Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 6.5 | 0.8% | 52 |
PoC
No patch
|
| CVE-2019-17405 | Nokia IMPACT < 18A: has Reflected self XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 6.1 | 0.7% | 50 |
PoC
No patch
|
| CVE-2014-1750 | Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available. | MEDIUM | 5.8 | 0.4% | 49 |
PoC
No patch
|