Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

telstra

Source -

ADPNVDCNA

BOS Name -

N/A

CNA CVEs -

1

ADP CVEs -

2

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2025-54992
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.10%
||
7 Day CHG~0.00%
Published-11 Aug, 2025 | 21:34
Updated-12 Aug, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenKilda XXE in SAML configuration

OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0.

Action-Not Available
Vendor-telstra
Product-open-kilda
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-43478
Assigner-Tenable Network Security, Inc.
ShareView Details
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-3.35% / 86.81%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 13:03
Updated-24 Sep, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated configuration restore and firmware update

fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root. 

Action-Not Available
Vendor-telstraTelstratelstra
Product-arcadyan_lh1000arcadyan_lh1000_firmwareSmart Modem Gen 2 (Arcadyan LH1000)arcadyan_lh1000
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-43477
Assigner-Tenable Network Security, Inc.
ShareView Details
Assigner-Tenable Network Security, Inc.
CVSS Score-6.8||MEDIUM
EPSS-20.77% / 95.38%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 12:41
Updated-24 Sep, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Post-Auth Command Injection in Telstra Smart Modem Gen 2 (Arcadyan LH1000)

The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device. 

Action-Not Available
Vendor-telstraTelstratelstra
Product-arcadyan_lh1000arcadyan_lh1000_firmwareSmart Modem Gen 2 (Arcadyan LH1000)arcadyan_lh1000
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')