CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0634
https://notcve.org/view.php?id=CVE-2018-0634
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL. Aterm HC100RC, en su versión Ver1.0.1 y anteriores, permite a los atacantes con permisos de administrador ejecutar comandos SO arbitrarios mediante los parámetros FactoryPassword o bootmode de una determinada URL. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN84825660/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16194
https://notcve.org/view.php?id=CVE-2018-16194
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. Aterm WF1200CR y Aterm WG1200CR (Aterm WF1200CR con firmware en versiones 1.1.1 y anteriores y Aterm WG1200CR con firmware en versiones 1.0.1 y anteriores) permiten que los atacantes autenticados ejecuten comandos arbitrarios del sistema operativo mediante vectores sin especificar. • https://jpn.nec.com/security-info/secinfo/nv18-021.html https://jvn.jp/en/jp/JVN87535892/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0640
https://notcve.org/view.php?id=CVE-2018-0640
Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter. Aterm HC100RC, en su versión Ver1.0.1 y anteriores, permite a los atacantes con permisos de administrador ejecutar código arbitrario mediante los parámetros netWizard.cgi date, time y offset. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN84825660/index.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0637
https://notcve.org/view.php?id=CVE-2018-0637
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter. Aterm HC100RC, en su versión Ver1.0.1 y anteriores, permite a los atacantes con permisos de administrador ejecutar comandos SO arbitrarios mediante el parámetro export.cgi encKey. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN84825660/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0629
https://notcve.org/view.php?id=CVE-2018-0629
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. Aterm W300P, en su versión Ver1.0.13 y anteriores, permite a los atacantes con permisos de administrador ejecutar comandos SO arbitrarios mediante una petición y respuesta HTTP. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN26629618/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •