Kddi: Security Vulnerabilities
HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI.
CVSS Score
8.8
EPSS Score
0.009
Published
2017-07-07
HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-07-07
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVSS Score
4.7
EPSS Score
0.005
Published
2016-01-30
Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVSS Score
7.5
EPSS Score
0.001
Published
2016-01-30
KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2016-01-30
CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
CVSS Score
4.7
EPSS Score
0.003
Published
2016-01-30
Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVSS Score
7.4
EPSS Score
0.003
Published
2016-01-30
Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.002
Published
2016-01-30
Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name parameter.
CVSS Score
7.8
EPSS Score
0.005
Published
2007-07-11
Page 2