Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2018
CVE-2018-13358
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.
CVSS Score
8.8
EPSS Score
0.204
Published
2018-11-27
CVE-2018-0719
Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-11-27
CVE-2018-10142
The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system.
CVSS Score
7.5
EPSS Score
0.007
Published
2018-11-27
CVE-2018-13022
Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27
CVE-2018-13023
System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter.
CVSS Score
8.8
EPSS Score
0.204
Published
2018-11-27
CVE-2018-13306
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter.
CVSS Score
9.8
EPSS Score
0.153
Published
2018-11-27
CVE-2018-13307
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable.
CVSS Score
9.8
EPSS Score
0.153
Published
2018-11-27
CVE-2018-13314
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.
CVSS Score
9.8
EPSS Score
0.153
Published
2018-11-27
CVE-2018-13316
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.
CVSS Score
9.8
EPSS Score
0.153
Published
2018-11-27
CVE-2018-13329
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved