Vulnerabilities > Kddi > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-21 CVE-2022-43543 KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters.
network
low complexity
kddi docomo softbank
5.4
5.4
2018-11-15 CVE-2018-0691 Improper Certificate Validation vulnerability in multiple products
Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
kddi ntttocomo softbank ntt-tocomo CWE-295
5.9
5.9
2016-01-30 CVE-2016-1141 OS Command Injection vulnerability in Kddi Home Spot Cube Firmware 2.0
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
network
low complexity
kddi CWE-78
4.7
4.7
2016-01-30 CVE-2016-1140 7PK - Security Features vulnerability in Kddi Home Spot Cube Firmware 2.0
KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.
network
low complexity
kddi CWE-254
6.1
6.1
2016-01-30 CVE-2016-1138 Unspecified vulnerability in Kddi Home Spot Cube Firmware 2.0
CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
network
low complexity
kddi
4.7
4.7
2016-01-30 CVE-2016-1136 Cross-site Scripting vulnerability in Kddi Home Spot Cube Firmware 2.0
Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
kddi CWE-79
5.4
5.4