Security Vulnerabilities - CVEs Published In 2018
There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should trick a user to access malicious Website or malicious App and register. Due to incorrect processing of the smart SMS verification code, successful exploitation can cause sensitive information leak.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-11-27
There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-11-27
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection.
CVSS Score
4.6
EPSS Score
0.0
Published
2018-11-27
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.
CVSS Score
8.8
EPSS Score
0.026
Published
2018-11-27
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.
CVSS Score
5.3
EPSS Score
0.016
Published
2018-11-27
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.
CVSS Score
8.8
EPSS Score
0.12
Published
2018-11-27
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.
CVSS Score
7.2
EPSS Score
0.126
Published
2018-11-27
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-11-27