Vulnerabilities > Kddi > Home Spot Cube Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-01-30 CVE-2016-1141 OS Command Injection vulnerability in Kddi Home Spot Cube Firmware 2.0
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
network
low complexity
kddi CWE-78
6.5
2016-01-30 CVE-2016-1140 7PK - Security Features vulnerability in Kddi Home Spot Cube Firmware 2.0
KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.
network
kddi CWE-254
4.3
2016-01-30 CVE-2016-1139 Cross-Site Request Forgery (CSRF) vulnerability in Kddi Home Spot Cube Firmware 2.0
Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network
kddi CWE-352
6.8
2016-01-30 CVE-2016-1138 Unspecified vulnerability in Kddi Home Spot Cube Firmware 2.0
CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
network
kddi
4.3
2016-01-30 CVE-2016-1137 Unspecified vulnerability in Kddi Home Spot Cube Firmware 2.0
Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
kddi
5.8