Login Sign Up

CVE-2021-31932

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

This vulnerability allows unauthenticated attackers to bypass authentication on Nokia BTS TRS web consoles by using URL encoding for the dot character. Attackers can access all web panel functionalities without credentials. Organizations using affected Nokia transport modules are at risk.

💻 Affected Systems

Products:
  • Nokia BTS TRS (Transport Module)
Versions: FTM_W20_FP2_2019.08.16_0010 and likely earlier versions
Operating Systems: Embedded system (specific OS unknown)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web console interface of the transport module. Specific configuration details are limited in public information.

📦 What is this software?

Bts Trs Web Console by Nokia

View all CVEs affecting Bts Trs Web Console →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the transport module allowing configuration changes, service disruption, and potential lateral movement to connected telecom infrastructure.

🟠

Likely Case

Unauthorized access to sensitive configuration data, monitoring information, and potential service manipulation.

🟢

If Mitigated

Limited impact if network segmentation prevents external access and strict access controls are in place.

🌐 Internet-Facing: HIGH - Web consoles exposed to internet are directly exploitable without authentication.
🏢 Internal Only: HIGH - Even internally, any user with network access can bypass authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit involves simple URL manipulation with dot character encoding. Public exploit code exists in Packet Storm references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown - Nokia has not published public advisory

Restart Required: No

Instructions:

No official patch available. Contact Nokia support for guidance. Consider upgrading to latest firmware if available.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Nokia transport modules from untrusted networks and restrict access to authorized management networks only.

Web Console Access Restriction

all

Implement firewall rules to block external access to the web console port (typically HTTP/HTTPS).

🧯 If You Can't Patch

  • Implement strict network access controls allowing only authorized IP addresses to access the web console
  • Monitor for unusual authentication bypass attempts and URL encoding patterns in web logs

🔍 How to Verify

Check if Vulnerable:

Attempt to access protected web console pages using URL-encoded dot characters (e.g., %2E instead of .) without authentication.

Check Version:

Check web console interface or system information page for version FTM_W20_FP2_2019.08.16_0010 or similar

Verify Fix Applied:

Verify that URL encoding techniques no longer bypass authentication and proper login is required for all protected pages.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful access without proper login
  • Requests containing URL-encoded dot characters (%2E) to protected resources

Network Indicators:

  • Unauthenticated HTTP requests to administrative endpoints
  • Traffic patterns showing access to multiple protected pages without authentication sequences

SIEM Query:

web.url CONTAINS "%2E" AND (web.status_code = 200 OR web.status_code = 302) AND NOT auth.success = true

📊 Metadata

CVE ID: CVE-2021-31932
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: February 11, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON