CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0636
https://notcve.org/view.php?id=CVE-2018-0636
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634. Aterm HC100RC, en su versión Ver1.0.1 y anteriores, permite a los atacantes con permisos de administrador ejecutar comandos SO arbitrarios mediante el parámetro FactoryPassword de una determinada URL. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN84825660/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0639
https://notcve.org/view.php?id=CVE-2018-0639
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter. Aterm HC100RC, en versiones Ver1.0.1 y anteriores, permite que un atacante con derechos de administrador ejecute comandos arbitrarios del sistema operativo mediante los parámetros date, time y offset en tools_firmware.cgi. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN84825660/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0638
https://notcve.org/view.php?id=CVE-2018-0638
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter. Aterm HC100RC, en su versión Ver1.0.1 y anteriores, permite a los atacantes con permisos de administrador ejecutar comandos SO arbitrarios mediante el parámetro import.cgi encKey. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN84825660/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0634
https://notcve.org/view.php?id=CVE-2018-0634
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL. Aterm HC100RC, en su versión Ver1.0.1 y anteriores, permite a los atacantes con permisos de administrador ejecutar comandos SO arbitrarios mediante los parámetros FactoryPassword o bootmode de una determinada URL. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN84825660/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0640
https://notcve.org/view.php?id=CVE-2018-0640
Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter. Aterm HC100RC, en su versión Ver1.0.1 y anteriores, permite a los atacantes con permisos de administrador ejecutar código arbitrario mediante los parámetros netWizard.cgi date, time y offset. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN84825660/index.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •