Remote Code Execution Vulnerability in Alcatel Lucent I-240W-Q GPON ONT
CVE-2019-3917

7.5HIGH

Key Information:

Vendor: Tenable
Status: Alcatel Lucent I-240w-q Gpon Ont
Vendor: CVE Published:; 5 March 2019

What is CVE-2019-3917?

The Alcatel Lucent I-240W-Q GPON ONT, when operating on firmware version 3FE54567BOZJ19, has a vulnerability that allows an attacker to remotely enable telnetd without authentication. This can be exploited via a specially crafted HTTP request, potentially giving an attacker unauthorized access to the device.

Affected Version(s)

Alcatel Lucent I-240W-Q GPON ONT Firmware version 3FE54567BOZJ19

References

https://www.tenable.com/security/research/tra-2019-09

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2019
Vulnerability Reserved
Jan 3, 2019

Tenable

What is CVE-2019-3917?

Affected Version(s)

References

CVSS V3.1

Timeline