Description
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application.
Published: 2026-04-07
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: OS Command Injection
Action: Immediate Patch
AI Analysis

Impact

Nokia MantaRay NM has an OS command injection issue caused by improper handling of special characters in the Log Search application. An attacker could exploit this flaw to execute arbitrary system commands, potentially compromising the affected device’s confidentiality, integrity, and availability.

Affected Systems

The vulnerability affects Nokia MantaRay NM. No specific firmware or release versions are provided, so all current installations of the product are potentially impacted.

Risk and Exploitability

The CVSS score of 8 indicates high severity. EPSS data is unavailable, and the flaw is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote exploitation through the Log Search interface, requiring network access and the ability to craft inputs containing special elements. The attacker could gain elevated privileges or control over the device, leading to full system compromise.

Generated by OpenCVE AI on April 7, 2026 at 23:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch for Nokia MantaRay NM as soon as it becomes available
  • Verify the device is running a patched version after remediation
  • If a patch is not yet available, restrict access to the Log Search feature or block the affected ports from external networks
  • Monitor logs for anomalous command execution patterns and conduct regular vulnerability scans

Generated by OpenCVE AI on April 7, 2026 at 23:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:*

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Nokia
Nokia mantaray Nm
Vendors & Products Nokia
Nokia mantaray Nm

Tue, 07 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-77
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application.
Title An OS Command Injection vulnerability in Nokia MantaRay NM
References

Subscriptions

Nokia Mantaray Nm
cve-icon MITRE

Status: PUBLISHED

Assigner: Nokia

Published:

Updated: 2026-04-07T20:11:29.811Z

Reserved: 2025-01-24T13:25:43.870Z

Link: CVE-2025-24818

cve-icon Vulnrichment

Updated: 2026-04-07T20:07:43.877Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-07T16:16:22.813

Modified: 2026-04-22T18:54:40.833

Link: CVE-2025-24818

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:48:27Z

Weaknesses