Vulnerabilities > Rdkcentral > Rdkb Ccsppandm > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-20 | CVE-2019-6964 | Out-of-bounds Read vulnerability in Rdkcentral Rdkb Ccsppandm Rdkb201812171 A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve information disclosure and code execution by crafting an AJAX call responsible for DDNS configuration with an exactly 64-byte username, password, or domain, for which the buffer size is insufficient for the final '\0' character. | 6.5 |
2019-06-20 | CVE-2019-6963 | Out-of-bounds Write vulnerability in Rdkcentral Rdkb Ccsppandm Rdkb201812171 A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the "Comment" field of an IP reservation form in the admin panel. | 6.5 |
2019-06-20 | CVE-2019-6961 | Missing Authorization vulnerability in Rdkcentral Rdkb Ccsppandm Rdkb201812171 Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls. | 4.0 |