What is the severity of CVE-2019-3920?

CVE-2019-3920 is classified as a high severity vulnerability that allows authenticated command injection.

How do I fix CVE-2019-3920?

To fix CVE-2019-3920, upgrade the firmware of the Alcatel Lucent I-240W-Q GPON ONT to a secure version beyond 3FE54567BOZJ19.

Who is affected by CVE-2019-3920?

CVE-2019-3920 affects users of the Nokia I-240W-Q GPON ONT with firmware version 3FE54567BOZJ19.

What type of vulnerability is CVE-2019-3920?

CVE-2019-3920 is an authenticated command injection vulnerability.

Can CVE-2019-3920 be exploited remotely?

Yes, CVE-2019-3920 can be exploited remotely by an authenticated attacker through crafted HTTP requests.

Vulnerability/
CVE-2019-3920

high

8.8

CWE

77 78

5/3/2019

21/11/2024

CVE-2019-3920: Command Injection

First published: Tue Mar 05 2019(Updated: )

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/.

Credit: vulnreport@tenable.com vulnreport@tenable.com

Affected Software	Affected Version	How to fix
Nokia I-240w-q Gpon Ont Firmware	=3fe54567bozj19
Nokia I-240w-q Gpon Ont
All of
Nokia I-240w-q Gpon Ont Firmware	=3fe54567bozj19
Nokia I-240w-q Gpon Ont

Never miss a vulnerability like this again

Reference Links

https://www.tenable.com/security/research/tra-2019-09

Frequently Asked Questions

What is the severity of CVE-2019-3920?
CVE-2019-3920 is classified as a high severity vulnerability that allows authenticated command injection.
How do I fix CVE-2019-3920?
To fix CVE-2019-3920, upgrade the firmware of the Alcatel Lucent I-240W-Q GPON ONT to a secure version beyond 3FE54567BOZJ19.
Who is affected by CVE-2019-3920?
CVE-2019-3920 affects users of the Nokia I-240W-Q GPON ONT with firmware version 3FE54567BOZJ19.
What type of vulnerability is CVE-2019-3920?
CVE-2019-3920 is an authenticated command injection vulnerability.
Can CVE-2019-3920 be exploited remotely?
Yes, CVE-2019-3920 can be exploited remotely by an authenticated attacker through crafted HTTP requests.

collector/nvd-index
agent/weakness
agent/type
agent/references
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/author
agent/event
agent/softwarecombine
agent/tags
agent/source
vendor/nokia
canonical/nokia i-240w-q gpon ont firmware
version/nokia i-240w-q gpon ont firmware/3fe54567bozj19
canonical/nokia i-240w-q gpon ont

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2019-3920?
CVE-2019-3920 is classified as a high severity vulnerability that allows authenticated command injection.
How do I fix CVE-2019-3920?
To fix CVE-2019-3920, upgrade the firmware of the Alcatel Lucent I-240W-Q GPON ONT to a secure version beyond 3FE54567BOZJ19.
Who is affected by CVE-2019-3920?
CVE-2019-3920 affects users of the Nokia I-240W-Q GPON ONT with firmware version 3FE54567BOZJ19.
What type of vulnerability is CVE-2019-3920?
CVE-2019-3920 is an authenticated command injection vulnerability.
Can CVE-2019-3920 be exploited remotely?
Yes, CVE-2019-3920 can be exploited remotely by an authenticated attacker through crafted HTTP requests.