Vulnerabilities > Kddi > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-02 | CVE-2024-21780 | Out-of-bounds Write vulnerability in Kddi Home Spot Cube 2 Firmware V102 Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. | 7.5 |
| 2022-07-04 | CVE-2022-33948 | OS Command Injection vulnerability in Kddi Home Spot Cube 2 Firmware V100/V101/V102 HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. | 8.8 |
| 2018-02-08 | CVE-2018-0517 | Untrusted Search Path vulnerability in Kddi Anshin NET Security Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-08-18 | CVE-2017-2289 | Untrusted Search Path vulnerability in Kddi QUA Station Firmware 1.00.03 Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-07-07 | CVE-2017-2186 | Improper Authentication vulnerability in Kddi Home Spot Cube 2 Firmware V100/V101 HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI. | 8.8 |
| 2017-07-07 | CVE-2017-2185 | OS Command Injection vulnerability in Kddi Home Spot Cube 2 Firmware V100/V101 HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. | 8.8 |
| 2017-07-07 | CVE-2017-2184 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kddi Home Spot Cube 2 Firmware V100/V101 Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI. | 8.8 |
| 2017-07-07 | CVE-2017-2183 | OS Command Injection vulnerability in Kddi Home Spot Cube 2 Firmware V100/V101 HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. | 8.0 |
| 2016-01-30 | CVE-2016-1139 | Cross-Site Request Forgery (CSRF) vulnerability in Kddi Home Spot Cube Firmware 2.0 Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 7.5 |
| 2016-01-30 | CVE-2016-1137 | Unspecified vulnerability in Kddi Home Spot Cube Firmware 2.0 Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 7.4 |