Description
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application.
Published: 2026-04-07
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an OS command injection in the Symptom Collector application of Nokia MantaRay NM, arising from insufficient sanitization of special elements used in OS commands. This flaw allows an attacker to inject arbitrary commands into the underlying operating system, turning it into a remote code execution vector. If successfully exploited, the attacker could execute any system command with the privileges of the Symptom Collector process, potentially compromising confidentiality, integrity, or availability of the device.

Affected Systems

The affected product is Nokia MantaRay NM. No specific firmware or software version ranges are cited in the available data. Administrators should review the Nokia security advisory linked above to determine whether their deployed versions are susceptible.

Risk and Exploitability

The CVSS score of 8 classifies the issue as High severity. The EPSS value of less than 1% indicates a low probability of exploitation under current conditions, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation would occur remotely through the Symptom Collector interface, requiring network access to the device. The path would involve submitting a crafted input that bypasses sanitization and triggers the underlying OS command execution.

Generated by OpenCVE AI on April 8, 2026 at 18:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Nokia patch or upgrade to the latest MantaRay NM firmware that eliminates the OS command injection in the Symptom Collector component.
  • Verify that any external interfaces exposing Symptom Collector are secured behind authentication and firewall rules to limit access to trusted users only.
  • If a patch is not yet available, consider disabling or restricting access to the Symptom Collector application until remediation is applied.

Generated by OpenCVE AI on April 8, 2026 at 18:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:*

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Nokia
Nokia mantaray Nm
Vendors & Products Nokia
Nokia mantaray Nm

Wed, 08 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-78
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application.
Title An OS Command Injection vulnerability in Nokia MantaRay NM
References

Subscriptions

Nokia Mantaray Nm
cve-icon MITRE

Status: PUBLISHED

Assigner: Nokia

Published:

Updated: 2026-04-08T16:15:12.963Z

Reserved: 2025-01-24T13:25:43.869Z

Link: CVE-2025-24817

cve-icon Vulnrichment

Updated: 2026-04-08T15:48:07.045Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-07T16:16:22.690

Modified: 2026-04-22T18:54:09.863

Link: CVE-2025-24817

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:48:28Z

Weaknesses