Search criteria
19 vulnerabilities by KDDI CORPORATION
CVE-2025-60022 (GCVE-0-2025-60022)
Vulnerability from cvelistv5 – Published: 2025-11-17 05:51 – Updated: 2025-11-17 16:36
VLAI?
Summary
Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on and/or tamper with an encrypted communication.
Severity ?
CWE
- CWE-295 - Improper certificate validation
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | 'デジラアプリ' App for iOS |
Affected:
prior to ver.80.10.00
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T16:33:07.473322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T16:36:39.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "\u0027\u30c7\u30b8\u30e9\u30a2\u30d7\u30ea\u0027 App for iOS",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "prior to ver.80.10.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper certificate validation vulnerability exists in \u0027\u30c7\u30b8\u30e9\u30a2\u30d7\u30ea\u0027 App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on and/or tamper with an encrypted communication."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper certificate validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T05:51:23.460Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN54005037/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-60022",
"datePublished": "2025-11-17T05:51:23.460Z",
"dateReserved": "2025-10-29T04:18:42.064Z",
"dateUpdated": "2025-11-17T16:36:39.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27932 (GCVE-0-2025-27932)
Vulnerability from cvelistv5 – Published: 2025-03-28 08:19 – Updated: 2025-03-28 13:55
VLAI?
Summary
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an attacker may delete a file on the device or cause a denial of service (DoS) condition.
Severity ?
8.1 (High)
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HGW-BL1500HM |
Affected:
Ver 002.002.003 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T13:55:35.958399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T13:55:44.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HGW-BL1500HM",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver 002.002.003 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027) issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an attacker may delete a file on the device or cause a denial of service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T08:19:01.846Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5"
},
{
"url": "https://jvn.jp/en/jp/JVN04278547/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27932",
"datePublished": "2025-03-28T08:19:01.846Z",
"dateReserved": "2025-03-11T04:20:23.643Z",
"dateUpdated": "2025-03-28T13:55:44.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27726 (GCVE-0-2025-27726)
Vulnerability from cvelistv5 – Published: 2025-03-28 08:18 – Updated: 2025-03-28 13:56
VLAI?
Summary
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side.
Severity ?
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HGW-BL1500HM |
Affected:
Ver 002.002.003 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27726",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T13:56:02.892203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T13:56:09.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HGW-BL1500HM",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver 002.002.003 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027) issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product\u0027s files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 2.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T08:18:49.092Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5"
},
{
"url": "https://jvn.jp/en/jp/JVN04278547/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27726",
"datePublished": "2025-03-28T08:18:49.092Z",
"dateReserved": "2025-03-11T04:20:21.762Z",
"dateUpdated": "2025-03-28T13:56:09.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27718 (GCVE-0-2025-27718)
Vulnerability from cvelistv5 – Published: 2025-03-28 08:18 – Updated: 2025-03-28 13:56
VLAI?
Summary
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered or arbitrary code may be executed by a crafted HTTP request to specific functions of the product from a device connected to the LAN side.
Severity ?
8.8 (High)
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HGW-BL1500HM |
Affected:
Ver 002.002.003 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T13:56:24.698978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T13:56:31.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HGW-BL1500HM",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver 002.002.003 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027) issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product\u0027s files may be obtained and/or altered or arbitrary code may be executed by a crafted HTTP request to specific functions of the product from a device connected to the LAN side."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T08:18:36.814Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5"
},
{
"url": "https://jvn.jp/en/jp/JVN04278547/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27718",
"datePublished": "2025-03-28T08:18:36.814Z",
"dateReserved": "2025-03-11T04:20:25.667Z",
"dateUpdated": "2025-03-28T13:56:31.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27716 (GCVE-0-2025-27716)
Vulnerability from cvelistv5 – Published: 2025-03-28 08:18 – Updated: 2025-03-28 13:56
VLAI?
Summary
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HGW-BL1500HM |
Affected:
Ver 002.002.003 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T13:56:52.580638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T13:56:59.891Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HGW-BL1500HM",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver 002.002.003 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027) issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product\u0027s files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T08:18:23.782Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5"
},
{
"url": "https://jvn.jp/en/jp/JVN04278547/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27716",
"datePublished": "2025-03-28T08:18:23.782Z",
"dateReserved": "2025-03-11T04:20:24.701Z",
"dateUpdated": "2025-03-28T13:56:59.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27574 (GCVE-0-2025-27574)
Vulnerability from cvelistv5 – Published: 2025-03-28 08:18 – Updated: 2025-03-28 13:57
VLAI?
Summary
Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product.
Severity ?
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HGW-BL1500HM |
Affected:
Ver 002.002.003 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T13:57:45.767797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T13:57:52.244Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HGW-BL1500HM",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver 002.002.003 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T08:18:11.469Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5"
},
{
"url": "https://jvn.jp/en/jp/JVN04278547/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27574",
"datePublished": "2025-03-28T08:18:11.469Z",
"dateReserved": "2025-03-11T04:20:22.696Z",
"dateUpdated": "2025-03-28T13:57:52.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27567 (GCVE-0-2025-27567)
Vulnerability from cvelistv5 – Published: 2025-03-28 08:17 – Updated: 2025-03-28 13:58
VLAI?
Summary
Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HGW-BL1500HM |
Affected:
Ver 002.002.003 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T13:58:04.131653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T13:58:11.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HGW-BL1500HM",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver 002.002.003 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T08:17:54.622Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5"
},
{
"url": "https://jvn.jp/en/jp/JVN04278547/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27567",
"datePublished": "2025-03-28T08:17:54.622Z",
"dateReserved": "2025-03-11T04:20:26.622Z",
"dateUpdated": "2025-03-28T13:58:11.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21865 (GCVE-0-2024-21865)
Vulnerability from cvelistv5 – Published: 2024-03-25 04:11 – Updated: 2025-09-19 17:22
VLAI?
Summary
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.
Severity ?
6.5 (Medium)
CWE
- CWE-1391 - Use of weak credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HGW BL1500HM |
Affected:
Ver 002.001.013 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-21865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T15:29:40.852705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T17:22:54.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93546510/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HGW BL1500HM",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver 002.001.013 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "Use of weak credentials",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T07:38:26.719Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#20304f4c-af1b-49fd-c3b5-8d1f55fd8b4f"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93546510/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-21865",
"datePublished": "2024-03-25T04:11:34.280Z",
"dateReserved": "2024-03-18T01:23:32.331Z",
"dateUpdated": "2025-09-19T17:22:54.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29071 (GCVE-0-2024-29071)
Vulnerability from cvelistv5 – Published: 2024-03-25 03:42 – Updated: 2025-03-28 07:38
VLAI?
Summary
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings.
Severity ?
8.8 (High)
CWE
- CWE-1391 - Use of weak credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HGW BL1500HM |
Affected:
Ver 002.001.013 and earlier
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:kddi:hgw_bli500hm_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hgw_bli500hm_firmware",
"vendor": "kddi",
"versions": [
{
"lessThanOrEqual": "002.001.013",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T13:53:58.969525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T13:55:29.279Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93546510/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HGW BL1500HM",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver 002.001.013 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "Use of weak credentials",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T07:38:42.105Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#20304f4c-af1b-49fd-c3b5-8d1f55fd8b4f"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93546510/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-29071",
"datePublished": "2024-03-25T03:42:31.070Z",
"dateReserved": "2024-03-18T01:23:31.527Z",
"dateUpdated": "2025-03-28T07:38:42.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28041 (GCVE-0-2024-28041)
Vulnerability from cvelistv5 – Published: 2024-03-25 03:42 – Updated: 2025-03-28 07:39
VLAI?
Summary
HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command.
Severity ?
8.8 (High)
CWE
- Arbitrary command execution
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HGW BL1500HM |
Affected:
Ver 002.001.013 and earlier
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:kddi:hgw_bli500hm_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hgw_bli500hm_firmware",
"vendor": "kddi",
"versions": [
{
"lessThanOrEqual": "002.001.013",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T15:30:23.593154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T15:32:08.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:47.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93546510/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HGW BL1500HM",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver 002.001.013 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary command execution",
"lang": "en-US",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T07:39:02.488Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#20304f4c-af1b-49fd-c3b5-8d1f55fd8b4f"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93546510/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-28041",
"datePublished": "2024-03-25T03:42:17.754Z",
"dateReserved": "2024-03-18T01:23:33.325Z",
"dateUpdated": "2025-03-28T07:39:02.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23978 (GCVE-0-2024-23978)
Vulnerability from cvelistv5 – Published: 2024-02-02 06:38 – Updated: 2025-05-15 19:50 Unsupported When Assigned
VLAI?
Summary
Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported.
Severity ?
9.8 (Critical)
CWE
- Heap-based buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HOME SPOT CUBE2 |
Affected:
V102 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93740658/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T23:33:59.064031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T19:50:24.669Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HOME SPOT CUBE2",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "V102 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T06:38:33.253Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93740658/"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23978",
"datePublished": "2024-02-02T06:38:33.253Z",
"dateReserved": "2024-01-25T01:46:40.762Z",
"dateUpdated": "2025-05-15T19:50:24.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21780 (GCVE-0-2024-21780)
Vulnerability from cvelistv5 – Published: 2024-02-02 06:38 – Updated: 2025-06-16 18:27 Unsupported When Assigned
VLAI?
Summary
Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported.
Severity ?
7.5 (High)
CWE
- Stack-based buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HOME SPOT CUBE2 |
Affected:
V102 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-21780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T19:27:01.282836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T18:27:12.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93740658/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HOME SPOT CUBE2",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "V102 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T06:38:19.377Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93740658/"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-21780",
"datePublished": "2024-02-02T06:38:19.377Z",
"dateReserved": "2024-01-25T01:46:39.865Z",
"dateUpdated": "2025-06-16T18:27:12.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33948 (GCVE-0-2022-33948)
Vulnerability from cvelistv5 – Published: 2022-07-04 01:50 – Updated: 2024-08-03 08:16
VLAI?
Summary
HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HOME SPOT CUBE2 |
Affected:
V102 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:15.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN41017328/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HOME SPOT CUBE2",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "V102 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T01:50:49",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN41017328/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-33948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HOME SPOT CUBE2",
"version": {
"version_data": [
{
"version_value": "V102 and earlier"
}
]
}
}
]
},
"vendor_name": "KDDI CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/",
"refsource": "MISC",
"url": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/"
},
{
"name": "https://jvn.jp/en/jp/JVN41017328/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN41017328/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-33948",
"datePublished": "2022-07-04T01:50:49",
"dateReserved": "2022-06-20T00:00:00",
"dateUpdated": "2024-08-03T08:16:15.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0517 (GCVE-0-2018-0517)
Vulnerability from cvelistv5 – Published: 2018-02-08 14:00 – Updated: 2024-08-05 03:28
VLAI?
Summary
Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | Anshin net security for Windows |
Affected:
Version 16.0.1.44 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#70615027",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN70615027/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Anshin net security for Windows",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "Version 16.0.1.44 and earlier"
}
]
}
],
"datePublic": "2018-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-08T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#70615027",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN70615027/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Anshin net security for Windows",
"version": {
"version_data": [
{
"version_value": "Version 16.0.1.44 and earlier"
}
]
}
}
]
},
"vendor_name": "KDDI CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#70615027",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN70615027/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0517",
"datePublished": "2018-02-08T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2289 (GCVE-0-2017-2289)
Vulnerability from cvelistv5 – Published: 2017-08-18 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | Installer of Qua station connection tool for Windows |
Affected:
version 1.00.03
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#81659403",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN81659403/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer of Qua station connection tool for Windows",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "version 1.00.03"
}
]
}
],
"datePublic": "2017-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-18T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#81659403",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN81659403/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of Qua station connection tool for Windows",
"version": {
"version_data": [
{
"version_value": "version 1.00.03"
}
]
}
}
]
},
"vendor_name": "KDDI CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#81659403",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN81659403/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2289",
"datePublished": "2017-08-18T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2186 (GCVE-0-2017-2186)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI.
Severity ?
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HOME SPOT CUBE2 |
Affected:
firmware V101 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
},
{
"name": "99282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99282"
},
{
"name": "JVN#24348065",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN24348065/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HOME SPOT CUBE2",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "firmware V101 and earlier"
}
]
}
],
"datePublic": "2017-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
},
{
"name": "99282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99282"
},
{
"name": "JVN#24348065",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN24348065/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HOME SPOT CUBE2",
"version": {
"version_data": [
{
"version_value": "firmware V101 and earlier"
}
]
}
}
]
},
"vendor_name": "KDDI CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.au.com/information/notice_mobile/update/update-20170612-01/",
"refsource": "CONFIRM",
"url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
},
{
"name": "99282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99282"
},
{
"name": "JVN#24348065",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN24348065/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2186",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2185 (GCVE-0-2017-2185)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HOME SPOT CUBE2 |
Affected:
firmware V101 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
},
{
"name": "99282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99282"
},
{
"name": "JVN#24348065",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN24348065/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HOME SPOT CUBE2",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "firmware V101 and earlier"
}
]
}
],
"datePublic": "2017-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
},
{
"name": "99282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99282"
},
{
"name": "JVN#24348065",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN24348065/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HOME SPOT CUBE2",
"version": {
"version_data": [
{
"version_value": "firmware V101 and earlier"
}
]
}
}
]
},
"vendor_name": "KDDI CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.au.com/information/notice_mobile/update/update-20170612-01/",
"refsource": "CONFIRM",
"url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
},
{
"name": "99282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99282"
},
{
"name": "JVN#24348065",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN24348065/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2185",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2184 (GCVE-0-2017-2184)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI.
Severity ?
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HOME SPOT CUBE2 |
Affected:
firmware V101 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
},
{
"name": "99282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99282"
},
{
"name": "JVN#24348065",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN24348065/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HOME SPOT CUBE2",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "firmware V101 and earlier"
}
]
}
],
"datePublic": "2017-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
},
{
"name": "99282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99282"
},
{
"name": "JVN#24348065",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN24348065/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HOME SPOT CUBE2",
"version": {
"version_data": [
{
"version_value": "firmware V101 and earlier"
}
]
}
}
]
},
"vendor_name": "KDDI CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.au.com/information/notice_mobile/update/update-20170612-01/",
"refsource": "CONFIRM",
"url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
},
{
"name": "99282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99282"
},
{
"name": "JVN#24348065",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN24348065/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2184",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2183 (GCVE-0-2017-2183)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HOME SPOT CUBE2 |
Affected:
firmware V101 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
},
{
"name": "99282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99282"
},
{
"name": "JVN#24348065",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN24348065/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HOME SPOT CUBE2",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "firmware V101 and earlier"
}
]
}
],
"datePublic": "2017-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
},
{
"name": "99282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99282"
},
{
"name": "JVN#24348065",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN24348065/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HOME SPOT CUBE2",
"version": {
"version_data": [
{
"version_value": "firmware V101 and earlier"
}
]
}
}
]
},
"vendor_name": "KDDI CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.au.com/information/notice_mobile/update/update-20170612-01/",
"refsource": "CONFIRM",
"url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
},
{
"name": "99282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99282"
},
{
"name": "JVN#24348065",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN24348065/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2183",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}