Command Injection Vulnerability in Alcatel Lucent I-240W-Q GPON ONT
CVE-2019-3919
8.8HIGH
What is CVE-2019-3919?
The Alcatel Lucent I-240W-Q GPON ONT is susceptible to a command injection vulnerability that can be exploited by a remote, authenticated attacker. This occurs through specially crafted HTTP requests directed at the /GponForm/usb_restore_Form?script/ endpoint. If successfully executed, this may allow an attacker to execute arbitrary commands on the device, potentially compromising its integrity and security.
Affected Version(s)
Alcatel Lucent I-240W-Q GPON ONT Firmware version 3FE54567BOZJ19