CVE-2021-31932

Name of the Vulnerable Software and Affected Versions Nokia BTS TRS web console version FTM W20 FP2 2019.08.16 0010

Description The issue allows a malicious unauthenticated user to bypass authentication and gain access to all functionalities exposed via the web panel. This can be achieved by using URL encoding for the . character, effectively circumventing the authentication process.

Recommendations For version FTM W20 FP2 2019.08.16 0010, as a temporary workaround, consider restricting access to the web console to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.