Vulnerabilities > Kddi > Home Spot Cube Firmware > 2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-30 | CVE-2016-1141 | OS Command Injection vulnerability in Kddi Home Spot Cube Firmware 2.0 KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | 6.5 |
| 2016-01-30 | CVE-2016-1140 | 7PK - Security Features vulnerability in Kddi Home Spot Cube Firmware 2.0 KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors. | 4.3 |
| 2016-01-30 | CVE-2016-1139 | Cross-Site Request Forgery (CSRF) vulnerability in Kddi Home Spot Cube Firmware 2.0 Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
| 2016-01-30 | CVE-2016-1138 | Unspecified vulnerability in Kddi Home Spot Cube Firmware 2.0 CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. network kddi | 4.3 |
| 2016-01-30 | CVE-2016-1137 | Unspecified vulnerability in Kddi Home Spot Cube Firmware 2.0 Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. network kddi | 5.8 |
| 2016-01-30 | CVE-2016-1136 | Cross-site Scripting vulnerability in Kddi Home Spot Cube Firmware 2.0 Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |