CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0625
https://notcve.org/view.php?id=CVE-2018-0625
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter. Aterm WG1200HP, con firmware Ver1.0.31 y anteriores, permite a los atacantes con permisos de administrador ejecutar comandos SO arbitrarios mediante el parámetro formSysCmd. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN00401783/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0628
https://notcve.org/view.php?id=CVE-2018-0628
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. Aterm WG1200HP, con firmware Ver1.0.31 y anteriores, permite a los atacantes con permisos de administrador ejecutar comandos SO arbitrarios mediante una petición y respuesta HTTP. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN00401783/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16192
https://notcve.org/view.php?id=CVE-2018-16192
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors. Aterm WF1200CR y Aterm WG1200CR (Aterm WF1200CR con firmware en versiones 1.1.1 y anteriores y Aterm WG1200CR con firmware en versiones 1.0.1 y anteriores) permiten que un atacante en el mismo segmento de red obtenga información registrada en el dispositivo mediante vectores sin especificar. • https://jpn.nec.com/security-info/secinfo/nv18-021.html https://jvn.jp/en/jp/JVN87535892/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0636
https://notcve.org/view.php?id=CVE-2018-0636
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634. Aterm HC100RC, en su versión Ver1.0.1 y anteriores, permite a los atacantes con permisos de administrador ejecutar comandos SO arbitrarios mediante el parámetro FactoryPassword de una determinada URL. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN84825660/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16195
https://notcve.org/view.php?id=CVE-2018-16195
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP. Aterm WF1200CR y Aterm WG1200CR (Aterm WF1200CR con firmware en versiones 1.1.1 y anteriores y Aterm WG1200CR con firmware en versiones 1.0.1 y anteriores) permiten que un atacante en el mismo segmento de red ejecute comandos arbitrarios del sistema operativo mediante la interfaz SOAP de UPnP. • https://jpn.nec.com/security-info/secinfo/nv18-021.html https://jvn.jp/en/jp/JVN87535892/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •