CVSS: 7.7EPSS: 0%CPEs: 90EXPL: 0CVE-2018-0512
https://notcve.org/view.php?id=CVE-2018-0512
Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. Los dispositivos con la herramienta de configuración de direcciones IP MagicalFinder proporcionada por I-O DATA DEVICE, INC. permiten que atacantes autenticados ejecuten comandos arbitrarios del sistema operativo mediante vectores sin especificar. • http://www.iodata.jp/support/information/2018/magicalfinder https://jvn.jp/en/jp/JVN36048131/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2283
https://notcve.org/view.php?id=CVE-2017-2283
WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. Las versiones 1.0.2 y anteriores del firmware WN-G300R3 utilizan credenciales embebidas que pueden permitir a un atacante acceder al dispositivo para ejecutar código arbitrario en él. • http://www.iodata.jp/support/information/2017/wn-g300r3_2 https://jvn.jp/en/jp/JVN51410509/index.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2141
https://notcve.org/view.php?id=CVE-2017-2141
WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. WN-G300R3 firmware versión 1.03 y anteriores permite a los atacantes con derechos de administrador ejecutar comandos de sistema operativo arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN81024552/index.html http://www.iodata.jp/support/information/2017/wn-g300r3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2142
https://notcve.org/view.php?id=CVE-2017-2142
Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Desbordamiento de buffer en firmware WN-G300R3, que afecta a las versiones 1.03 y anteriores y que permitiría a un atacante remoto ejecutar comandos del SO arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN81024552/index.html http://www.iodata.jp/support/information/2017/wn-g300r3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1207
https://notcve.org/view.php?id=CVE-2016-1207
Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en dispositivos I-O DATA DEVICE WN-G300R con firmware 1.12 y versiones anteriores, dispositivos WN-G300R2 con firmware 1.12 y versiones anteriores, y dispositivos WN-G300R3 con firmware 1.01 y versiones anteriores permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN22978346/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000062 http://www.iodata.jp/support/information/2016/wn-g300r_xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •