Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-07	CVE-2023-20790	Out-of-bounds Write vulnerability in multiple products In nvram, there is a possible out of bounds write due to a missing bounds check. local low complexity linuxfoundation rdkcentral google openwrt CWE-787	4.4
2023-08-07	CVE-2023-20796	Out-of-bounds Write vulnerability in multiple products In power, there is a possible memory corruption due to an incorrect bounds check. local low complexity linuxfoundation rdkcentral google openwrt CWE-787	4.4
2023-06-06	CVE-2023-20725	Out-of-bounds Write vulnerability in multiple products In preloader, there is a possible out of bounds write due to a missing bounds check. local low complexity rdkcentral google openwrt CWE-787	6.7
2019-06-20	CVE-2019-6961	Missing Authorization vulnerability in Rdkcentral Rdkb Ccsppandm Rdkb201812171 Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls. network low complexity rdkcentral CWE-862	6.5