Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2018
CVE-2018-19607
Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
CVSS Score
6.5
EPSS Score
0.007
Published
2018-11-27
CVE-2018-13308
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-26
CVE-2018-13309
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-26
CVE-2018-13310
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-26
CVE-2018-13311
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter.
CVSS Score
9.8
EPSS Score
0.051
Published
2018-11-26
CVE-2018-13312
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-26
CVE-2018-13315
Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-11-26
CVE-2018-13317
Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-26
CVE-2018-13318
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter.
CVSS Score
7.2
EPSS Score
0.1
Published
2018-11-26
CVE-2018-13319
Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-11-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved