GCVE - cpe:2.3:a:ericsson:indoor_connect_8855:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ericsson:indoor_connect_8855:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ericsson (`198bbf36-f632-548c-bd14-c61a678abe8e`)
Product	Indoor Connect 8855 (`ec2df845-0c46-5bf2-9c1b-6e6b0a19c5f1`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-40842`	vulnerable	2026-06-03 15:01:14.030922	Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information. Published: 2026-03-25T13:10:44.010Z Updated: 2026-03-25T13:44:10.955Z Open on db.gcve.eu Reference links https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026 https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-40842	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-40841`	vulnerable	2026-06-03 15:01:14.030327	Ericsson Indoor Connect 8855 - Cross-Site Request Forgery Vulnerability Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead to unauthorized modification of certain information. Published: 2026-03-25T13:07:53.229Z Updated: 2026-03-25T13:44:45.962Z Open on db.gcve.eu Reference links https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026 https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-40841	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-40838`	vulnerable	2026-06-03 15:01:14.029968	Ericsson Indoor Connect 8855 - Insufficiently Protected Credentials Vulnerability Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information. Published: 2025-09-25T14:54:43.229Z Updated: 2025-09-30T12:15:44.492Z Open on db.gcve.eu Reference links https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-40837`	vulnerable	2026-06-03 15:01:14.029530	Ericsson Indoor Connect 8855 - Missing Authorization Vulnerability Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended. Published: 2025-09-25T14:52:23.376Z Updated: 2025-09-30T12:15:13.648Z Open on db.gcve.eu Reference links https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-40836`	vulnerable	2026-06-03 15:01:14.027888	Ericsson Indoor Connect 8855 - Improper Input Validation Vulnerability Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges. Published: 2025-09-25T14:49:02.613Z Updated: 2025-09-30T12:14:36.904Z Open on db.gcve.eu Reference links https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-27262`	vulnerable	2026-06-03 15:00:11.969798	Ericsson Indoor Connect 8855 - Improper Neutralization of Special Elements used in an OS Command Vulnerability Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges. Published: 2025-09-25T14:43:29.803Z Updated: 2025-09-30T12:13:16.746Z Open on db.gcve.eu Reference links https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-27261`	vulnerable	2026-06-03 15:00:11.969191	Ericsson Indoor Connect 8855 - Improper Neutralization of Special Elements used in an SQL Command Vulnerability Ericsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data. Published: 2025-09-25T13:47:06.233Z Updated: 2025-09-30T12:12:39.842Z Open on db.gcve.eu Reference links https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-27260`	vulnerable	2026-06-03 15:00:11.966114	Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information Published: 2026-03-25T12:54:46.406Z Updated: 2026-03-25T13:50:33.976Z Open on db.gcve.eu Reference links https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026 https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-27260	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.