Vulnerabilities > Kddi

DATE CVE VULNERABILITY TITLE RISK
2017-07-07 CVE-2017-2183 OS Command Injection vulnerability in Kddi Home Spot Cube 2 Firmware V100/V101
HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.
low complexity
kddi CWE-78
5.2
2016-01-30 CVE-2016-1141 OS Command Injection vulnerability in Kddi Home Spot Cube Firmware 2.0
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
network
low complexity
kddi CWE-78
6.5
2016-01-30 CVE-2016-1140 7PK - Security Features vulnerability in Kddi Home Spot Cube Firmware 2.0
KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.
network
kddi CWE-254
4.3
2016-01-30 CVE-2016-1139 Cross-Site Request Forgery (CSRF) vulnerability in Kddi Home Spot Cube Firmware 2.0
Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network
kddi CWE-352
6.8
2016-01-30 CVE-2016-1138 Unspecified vulnerability in Kddi Home Spot Cube Firmware 2.0
CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
network
kddi
4.3
2016-01-30 CVE-2016-1137 Unspecified vulnerability in Kddi Home Spot Cube Firmware 2.0
Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
kddi
5.8
2016-01-30 CVE-2016-1136 Cross-site Scripting vulnerability in Kddi Home Spot Cube Firmware 2.0
Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
kddi CWE-79
3.5
2007-07-11 CVE-2007-3692 Directory Traversal vulnerability in Kddi Ezfactory Download CGI 1.0
Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a ..
network
low complexity
kddi
7.8