Nokia Mobile - 132 CVEs (Page 1/2)

About “Nokia Mobile”

A curated feed of “Nokia Mobile”-related CVEs appears below. We currently track 132 CVEs for this tag (all time). In the last 365 days, 18 were published. Average CVSS is 6.6 (all time; 5.9 over 365d), and 44% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection'), CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

In our taxonomy this topic maps to a LOW impact class. Mobile OS and devices protect account and app access. Update OS, enforce MDM policies, disable sideloading, and restrict developer options. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: nokia

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	EOL
c210	2023-09-14	-	2025-09-14 Expired
g310-5g	2023-08-24	-	2026-08-24 Soon
g42-5g	2023-06-28	-	2026-06-28 Soon
c300	2023-06-14	-	2025-06-14 Expired
c110	2023-06-14	-	2025-06-14 Expired
xr21	2023-05-24	-	2027-05-24
c32	2023-02-25	-	2025-02-25 Expired
g22	2023-02-17	-	2026-04-01 Expired
t21	2022-09-01	-	2025-09-01 Expired
x30-5g	2022-09-01	-	2026-01-01 Expired
g60-5g	2022-08-05	-	2025-12-01 Expired
c21	2022-05-03	-	2024-06-01 Expired
c21-plus	2022-04-29	-	2024-06-01 Expired
c2-2nd-edition	2022-04-19	-	2024-05-01 Expired
g11	2022-03-24	-	2025-05-01 Expired
g21	2022-02-15	-	2025-03-01 Expired
t20	2021-11-02	-	2024-11-01 Expired
g50	2021-10-13	-	2024-12-01 Expired
c30	2021-10-12	-	2023-10-01 Expired
c1-2nd-edition	2021-08-27	-	2023-09-01 Expired
xr20	2021-08-04	-	2025-11-01 Expired
c10	2021-06-29	-	2023-08-01 Expired
c01-plus	2021-06-28	-	2023-08-01 Expired
c20-plus	2021-06-16	-	2023-09-01 Expired
x10	2021-06-07	-	2024-09-01 Expired
c20	2021-06-06	-	2023-06-01 Expired
g20	2021-05-17	-	2024-07-01 Expired
x20	2021-05-12	-	2024-07-01 Expired
g10	2021-04-26	-	2024-07-01 Expired
1.4	2021-02-03	-	2024-04-01 Expired
c1-plus	2021-01-29	-	2023-01-01 Expired
5.4	2020-12-25	-	2024-01-01 Expired
3.4	2020-10-26	-	2023-11-01 Expired
2.4	2020-09-30	-	2023-10-01 Expired
8.3-5g	2020-09-15	-	2023-11-01 Expired
c3	2020-08-13	-	2022-11-01 Expired
1.3	2020-04-02	-	2023-06-01 Expired
5.3	2020-04-02	-	2023-06-01 Expired
c2	2020-03-22	-	2022-02-01 Expired
2.3	2019-12-19	-	2022-12-01 Expired
c1	2019-12-11	-	2021-12-01 Expired
6.2	2019-10-17	-	2022-10-01 Expired
7.2	2019-09-23	-	2022-09-01 Expired
2.2	2019-06-11	-	2022-05-01 Expired
3.2	2019-05-22	-	2022-04-01 Expired
4.2	2019-05-07	-	2022-04-01 Expired
x71	2019-04-17	-	2019-05-01 Expired
9-pureview	2019-03-13	-	2022-03-01 Expired
1-plus	2019-02-24	-	2022-02-01 Expired
5.1-plus	2018-12-05	-	2021-10-01 Expired
8.1	2018-12-05	-	2021-12-01 Expired
7.1	2018-10-28	-	2021-11-01 Expired
6.1-plus	2018-08-21	-	2021-08-01 Expired
2.1	2018-08-01	-	2021-08-01 Expired
5.1	2018-08-01	-	2021-08-01 Expired
6.1	2018-05-06	-	2021-04-01 Expired
3.1	2018-05-01	-	2021-07-01 Expired
7-plus	2018-04-30	-	2021-04-01 Expired
8-sirocco	2018-04-23	-	2021-05-01 Expired
1	2018-04-01	-	2021-04-01 Expired
3.1-plus	2018-04-01	-	2021-10-01 Expired
2	2017-11-01	-	2019-11-01 Expired
8	2017-09-07	-	2020-10-01 Expired
5	2017-07-17	-	2020-10-01 Expired
3	2017-06-17	-	2020-09-01 Expired
6	2017-01-19	-	2020-10-01 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS · RSS (expired) · ICS

Subscribe CVEs: RSS for “Nokia Mobile” · RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2026-05-08

Medium

CVE-2022-45899

Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field.

CVSS: 6.5 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

2026-04-07

Medium

CVE-2025-24819

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application.

CVSS: 5.7 CWE: CWE-23 - Relative Path Traversal View on NVD

High

CVE-2025-24818

Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application.

CVSS: 8.0 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD

High

CVE-2025-24817

Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application.

CVSS: 8.0 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

2026-03-03

Low

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the…

CVSS: 2.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

High

CVE-2021-35486

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifica…

CVSS: 8.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD

High

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/applicat…

CVSS: 8.0 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD

High

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the Vi…

CVSS: 8.2 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

Medium

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileuplo…

CVSS: 4.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2026-01-07

Medium

CVE-2025-0980

Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing v…

CVSS: 6.4 CWE: CWE-284 - Improper Access Control View on NVD

2025-12-26

Medium

CVE-2025-65885

An issue was discovered in the Delight Custom Firmware (CFW) for Nokia Symbian Belle devices on Nokia 808 (Delight v1.8), Nokia N8 (Delight v6.7), Nokia E7 (Delight v1.3), Nokia C7 (Delight v6.7), No…

CVSS: 5.1 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD

2025-07-02

Low

CVE-2025-24335

Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the…

CVSS: 2.0 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD

Low

CVE-2025-24334

The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator…

CVSS: 3.3 CWE: CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere View on NVD

Medium

CVE-2025-24333

Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbit…

CVSS: 6.4 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD

High

CVE-2025-24332

Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. The baseband does not re-aut…

CVSS: 7.1 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD

Medium

CVE-2025-24330

Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nok…

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

Medium

CVE-2025-24329

Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in No…

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

Medium

CVE-2025-24328

Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service componen…

CVSS: 4.2 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD

2025-02-27

Medium

CVE-2025-21821

In the Linux kernel, the following vulnerability has been resolved: fbdev: omap: use threaded IRQ for LCD DMA When using touchscreen and framebuffer, Nokia 770 crashes easily with: BUG: schedu…

CVSS: 5.5 CWE: N/A View on NVD

2024-10-17

High

CVE-2023-6729

Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console…

CVSS: 7.3 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD

Low

CVE-2023-6728

Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configur…

CVSS: 3.3 CWE: CWE-326 - Inadequate Encryption Strength View on NVD

2024-09-25

Low

CVE-2023-25189

BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a possibility to re…

CVSS: 3.3 CWE: CWE-863 - Incorrect Authorization View on NVD

2024-09-18

High

CVE-2024-46743

In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD

2024-04-22

Medium

CVE-2023-38299

Various software builds for the AT&T Calypso, Nokia C100, Nokia C200, and BLU View 3 devices leak the device IMEI to a system property that can be accessed by any local app on the device without any…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2023-38293

Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus (versionCode='31', versionName='12') tha…

CVSS: 7.3 CWE: CWE-20 - Improper Input Validation View on NVD

2023-12-25

Medium

CVE-2022-43675

An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2022-41762

An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2022-41761

An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote auth…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

Medium

CVE-2022-41760

An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

High

CVE-2022-39822

In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for explo…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

Medium

CVE-2022-39820

In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xm…

CVSS: 6.5 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD

High

CVE-2022-39818

In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

2023-11-03

Critical

CVE-2023-41355

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a cr…

CVSS: 9.8 CWE: CWE-940 - Improper Verification of Source of a Communication Channel View on NVD

Medium

CVE-2023-41354

Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, re…

CVSS: 4.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

High

CVE-2023-41353

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information af…

CVSS: 8.8 CWE: CWE-521 - Weak Password Requirements View on NVD

High

CVE-2023-41352

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Inject…

CVSS: 7.2 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

Critical

CVE-2023-41351

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alte…

CVSS: 9.8 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD

High

CVE-2023-41350

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to…

CVSS: 7.5 CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts View on NVD

2023-10-04

High

CVE-2023-22618

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for…

CVSS: 8.1 CWE: CWE-284 - Improper Access Control View on NVD

2023-09-05

High

CVE-2022-41763

An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING fun…

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

2023-08-29

High

CVE-2023-41376

Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes.

CVSS: 7.5 CWE: CWE-670 - Always-Incorrect Control Flow Implementation View on NVD

2023-07-24

High

CVE-2022-30280

/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application (even if i…

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD

Medium

CVE-2022-28867

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code,…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2022-28865

An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then st…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

High

CVE-2022-28864

CVSS: 8.8 CWE: CWE-1236 - Improper Neutralization of Formula Elements in a CSV File View on NVD

High

CVE-2022-28863

An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restr…

CVSS: 8.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD

2023-06-16

Medium

CVE-2023-25187

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values t…

CVSS: 6.3 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD

Medium

CVE-2023-25188

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS ba…

CVSS: 5.1 CWE: CWE-269 - Improper Privilege Management View on NVD

Medium

CVE-2023-25186

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory…

CVSS: 5.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

Low

CVE-2023-25185

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in…

CVSS: 3.8 CWE: CWE-269 - Improper Privilege Management View on NVD

2023-06-14

High

CVE-2023-26062

A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not pos…

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD

2023-05-02

High

CVE-2022-30759

In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands.

CVSS: 8.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD

2023-04-25

High

CVE-2022-31244

Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation.

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD

Medium

CVE-2023-26058

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external att…

CVSS: 6.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD

Medium

CVE-2023-26057

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an extern…

CVSS: 6.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD

2023-04-24

Medium

CVE-2023-26059

An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2023-26061

An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing dur…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2023-26060

An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validati…

CVSS: 6.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

2023-01-06

High

CVE-2022-2484

The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kerne…

CVSS: 8.4 CWE: CWE-1274 - Improper Access Control for Volatile Memory Containing Boot Code View on NVD

High

CVE-2022-2483

The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to cor…

CVSS: 8.4 CWE: CWE-1282 - Assumed-Immutable Data is Stored in Writable Memory View on NVD

High

CVE-2022-2482

A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script…

CVSS: 8.4 CWE: CWE-1274 - Improper Access Control for Volatile Memory Containing Boot Code View on NVD

2022-12-21

High

CVE-2022-36222

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface.

CVSS: 8.4 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD

Medium

CVE-2022-36221

Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system.

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

2022-10-12

High

CVE-2022-28866

Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in a…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD

2022-09-19

Medium

CVE-2022-40715

An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read fil…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

Medium

CVE-2022-40714

An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2022-40713

An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

Medium

CVE-2022-40712

An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2022-09-15

Medium

CVE-2022-38788

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshak…

CVSS: 4.3 CWE: N/A View on NVD

2022-09-13

High

CVE-2022-39821

In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials,…

CVSS: 7.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD

High

CVE-2022-39819

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This allows authenticated users to execute commands on the operating system.

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

High

CVE-2022-39817

In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated a…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

Medium

CVE-2022-39816

In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker.

CVSS: 6.5 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD

Critical

CVE-2022-39815

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This vulnerability allow unauthenticated users to execute commands on the operating system.

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

Medium

CVE-2022-39814

In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter.

CVSS: 6.1 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD

2022-06-16

Critical

CVE-2021-41487

NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'.

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

2022-06-14

Medium

CVE-2022-30903

Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management.

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2022-05-25

Medium

CVE-2021-35487

Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page…

CVSS: 6.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

2022-02-11

Critical

CVE-2021-31932

Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing…

CVSS: 9.8 CWE: N/A View on NVD

2021-12-27

High

CVE-2021-45896

Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.

CVSS: 8.8 CWE: N/A View on NVD

2021-04-02

Medium

CVE-2021-30003

An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address.

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2021-03-25

Medium

CVE-2021-26597

An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dange…

CVSS: 6.5 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD

Medium

CVE-2021-26596

An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The mo…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2019-11-25

Medium

CVE-2019-17406

Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

Medium

CVE-2019-17405

Nokia IMPACT < 18A: has Reflected self XSS

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2019-17404

Nokia IMPACT < 18A: allows full path disclosure

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

High

CVE-2019-17403

Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution.

CVSS: 8.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD

2019-03-21

Medium

CVE-2019-7386

A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the…

CVSS: 6.5 CWE: N/A View on NVD

2015-09-16

Medium

CVE-2015-6929

Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2015-07-01

Medium

CVE-2014-1750

Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks…

CVSS: 5.8 CWE: N/A View on NVD

2014-09-22

Medium

CVE-2014-6602

Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or d…

CVSS: 6.6 CWE: CWE-264 View on NVD

2012-11-14

High

CVE-2012-2619

The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cau…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD

2012-07-25

Medium

CVE-2012-2442

Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file.

CVSS: 4.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD

2011-03-29

High

CVE-2011-1472

The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time.

CVSS: 7.2 CWE: CWE-287 - Improper Authentication View on NVD

2011-03-03

Medium

CVE-2011-0713

Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have u…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD

2011-01-20

Critical

CVE-2011-0498

Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbit…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD

2010-12-16

Medium

CVE-2010-4549

IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended…

CVSS: 4.0 CWE: CWE-264 View on NVD

Medium

CVE-2009-5035

The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communicatio…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

2009-09-02

Medium

CVE-2009-2700

src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows ma…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD

2009-07-20

High

CVE-2009-2538

The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet allow remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Sel…

CVSS: 7.1 CWE: CWE-399 View on NVD

2009-02-25

Critical

CVE-2009-0734

Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file.

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD

2009-02-20

High

CVE-2009-0649

The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method.

CVSS: 7.8 CWE: N/A View on NVD

2009-01-02

High

CVE-2008-5827

The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execu…

CVSS: 7.5 CWE: CWE-16 View on NVD

High

CVE-2008-5826

The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDE…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD

Low

CVE-2008-5825

The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination…

CVSS: 2.6 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD

2008-09-19

High

CVE-2008-4135

Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra-6 and Nseries N82 allows remote attackers to cause a denial of service (device crash) via multiple deauthentication (DeAuth) fram…

CVSS: 7.8 CWE: CWE-399 View on NVD

2008-08-08

Critical

CVE-2008-3552

Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP pri…

CVSS: 10.0 CWE: N/A View on NVD

Critical

CVE-2008-3553

Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and per…

CVSS: 10.0 CWE: CWE-264 View on NVD

2007-12-15

High

CVE-2007-6371

Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CA…

CVSS: 7.1 CWE: CWE-20 - Improper Input Validation View on NVD

2007-05-11

Medium

CVE-2007-2590

Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user…

CVSS: 6.4 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

High

CVE-2007-2591

usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote a…

CVSS: 7.5 CWE: N/A View on NVD

Medium

CVE-2007-2592

Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireles…

CVSS: 4.3 CWE: N/A View on NVD

2007-01-26

Low

CVE-2007-0523

The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by us…

CVSS: 3.3 CWE: CWE-20 - Improper Input Validation View on NVD

2006-08-31

Medium

CVE-2006-4464

The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string.

CVSS: 5.0 CWE: N/A View on NVD

2006-02-19

High

CVE-2006-0797

Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2…

CVSS: 7.8 CWE: N/A View on NVD

2005-09-28

Medium

CVE-2005-3093

Nokia 7610 and 3210 phones allows attackers to cause a denial of service via certain characters in the filename of a Bluetooth OBEX transfer.

CVSS: 5.0 CWE: N/A View on NVD

2005-08-29

High

CVE-2005-2716

The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device n…

CVSS: 7.5 CWE: N/A View on NVD

2005-07-15

Critical

CVE-2005-2277

Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command.

CVSS: 10.0 CWE: N/A View on NVD

2005-07-13

High

CVE-2005-2250

Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share.

CVSS: 7.5 CWE: N/A View on NVD

2005-05-26

Low

CVE-2005-1801

The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it.

CVSS: 2.6 CWE: N/A View on NVD