Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2018
CVE-2018-13314
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.
CVSS Score
9.8
EPSS Score
0.153
Published
2018-11-27
CVE-2018-13316
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.
CVSS Score
9.8
EPSS Score
0.153
Published
2018-11-27
CVE-2018-13329
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27
CVE-2018-13334
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27
CVE-2018-13337
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-11-27
CVE-2018-14892
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms.
CVSS Score
8.8
EPSS Score
0.018
Published
2018-11-27
CVE-2018-14893
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API.
CVSS Score
8.8
EPSS Score
0.117
Published
2018-11-27
CVE-2018-16130
System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter.
CVSS Score
8.8
EPSS Score
0.204
Published
2018-11-27
CVE-2018-17934
NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.678
Published
2018-11-27
CVE-2018-17936
NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.
CVSS Score
9.8
EPSS Score
0.672
Published
2018-11-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved