Vulnerabilities > Nttdocomo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-01 | CVE-2021-20847 | Cross-site Scripting vulnerability in Nttdocomo Wi-Fi Station Sh-52A Firmware Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device. | 6.1 |
| 2019-02-13 | CVE-2019-5914 | NULL Pointer Dereference vulnerability in Nttdocomo V20 PRO L-01J Firmware L01J20C/L01J20D V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point. | 5.3 |
| 2017-11-13 | CVE-2017-10871 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nttdocomo Wi-Fi Station L-02F Firmware L02Fmdm9625V10Hjun232017Dcmjp Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors. | 9.8 |
| 2017-09-15 | CVE-2017-10846 | Missing Authorization vulnerability in Nttdocomo Wi-Fi Station L-02F Firmware L02Fmdm9625V10Hjun232017Dcmjp/V10B Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. | 7.5 |
| 2017-09-15 | CVE-2017-10845 | Unspecified vulnerability in Nttdocomo Wi-Fi Station L-02F Firmware L02Fmdm9625V10Hjun232017Dcmjp/V10B/V10G Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. | 9.8 |
| 2017-08-29 | CVE-2017-10812 | Untrusted Search Path vulnerability in Nttdocomo Photo Collection PC Software 4.0.2 Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-05-22 | CVE-2016-4854 | Cross-Site Request Forgery (CSRF) vulnerability in Nttdocomo L-04D Firmware V10A/V10B Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors. | 8.8 |