Vulnerabilities > Kddi

DATE CVE VULNERABILITY TITLE RISK
2017-07-07 CVE-2017-2184 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kddi Home Spot Cube 2 Firmware V100/V101
Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI.
low complexity
kddi CWE-119
8.8
2017-07-07 CVE-2017-2183 OS Command Injection vulnerability in Kddi Home Spot Cube 2 Firmware V100/V101
HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.
low complexity
kddi CWE-78
8.0
2016-01-30 CVE-2016-1141 OS Command Injection vulnerability in Kddi Home Spot Cube Firmware 2.0
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
network
low complexity
kddi CWE-78
4.7
2016-01-30 CVE-2016-1140 7PK - Security Features vulnerability in Kddi Home Spot Cube Firmware 2.0
KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.
network
low complexity
kddi CWE-254
6.1
2016-01-30 CVE-2016-1139 Cross-Site Request Forgery (CSRF) vulnerability in Kddi Home Spot Cube Firmware 2.0
Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network
high complexity
kddi CWE-352
7.5
2016-01-30 CVE-2016-1138 Unspecified vulnerability in Kddi Home Spot Cube Firmware 2.0
CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
network
low complexity
kddi
4.7
2016-01-30 CVE-2016-1137 Unspecified vulnerability in Kddi Home Spot Cube Firmware 2.0
Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
kddi
7.4
2016-01-30 CVE-2016-1136 Cross-site Scripting vulnerability in Kddi Home Spot Cube Firmware 2.0
Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
kddi CWE-79
5.4