Vulnerabilities > Kddi
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-07 | CVE-2017-2184 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kddi Home Spot Cube 2 Firmware V100/V101 Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI. | 8.8 |
| 2017-07-07 | CVE-2017-2183 | OS Command Injection vulnerability in Kddi Home Spot Cube 2 Firmware V100/V101 HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. | 8.0 |
| 2016-01-30 | CVE-2016-1141 | OS Command Injection vulnerability in Kddi Home Spot Cube Firmware 2.0 KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | 4.7 |
| 2016-01-30 | CVE-2016-1140 | 7PK - Security Features vulnerability in Kddi Home Spot Cube Firmware 2.0 KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors. | 6.1 |
| 2016-01-30 | CVE-2016-1139 | Cross-Site Request Forgery (CSRF) vulnerability in Kddi Home Spot Cube Firmware 2.0 Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 7.5 |
| 2016-01-30 | CVE-2016-1138 | Unspecified vulnerability in Kddi Home Spot Cube Firmware 2.0 CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. | 4.7 |
| 2016-01-30 | CVE-2016-1137 | Unspecified vulnerability in Kddi Home Spot Cube Firmware 2.0 Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 7.4 |
| 2016-01-30 | CVE-2016-1136 | Cross-site Scripting vulnerability in Kddi Home Spot Cube Firmware 2.0 Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |