Vulnerabilities > Rdkcentral

DATE	CVE	VULNERABILITY TITLE	RISK
2019-06-20	CVE-2019-6962	OS Command Injection vulnerability in Rdkcentral Rdkb Ccsppandm Rdkb201812171 A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. network high complexity rdkcentral CWE-78	7.5
2019-06-20	CVE-2019-6961	Missing Authorization vulnerability in Rdkcentral Rdkb Ccsppandm Rdkb201812171 Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls. network low complexity rdkcentral CWE-862	6.5

Vulnerabilities > Rdkcentral {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Rdkcentral"}]}