CVE-2022-39817

Name of the Vulnerable Software and Affected Versions NOKIA 1350 OMS version R14.2

Description The issue involves multiple SQL Injection vulnerabilities. These vulnerabilities can be exploited by an authenticated attacker, who can inject arbitrary SQL statements to modify query syntax and perform unauthorized operations against the remote database. The vulnerabilities are present in specific API endpoints, such as /cgi-bin/R14.2/easy1350.pl via the id or host HTTP GET parameter, and /cgi-bin/R14.2/cgi-bin/R14.2/host.pl via the host HTTP GET parameter.

Recommendations For NOKIA 1350 OMS version R14.2, consider restricting access to the vulnerable API endpoints /cgi-bin/R14.2/easy1350.pl and /cgi-bin/R14.2/cgi-bin/R14.2/host.pl to minimize the risk of exploitation. Avoid using the id and host parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.