CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0637
https://notcve.org/view.php?id=CVE-2018-0637
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter. Aterm HC100RC, en su versión Ver1.0.1 y anteriores, permite a los atacantes con permisos de administrador ejecutar comandos SO arbitrarios mediante el parámetro export.cgi encKey. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN84825660/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0641
https://notcve.org/view.php?id=CVE-2018-0641
Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter. Desbordamiento de búfer en Aterm HC100RC, en versiones Ver1.0.1 y anteriores, permite que un atacante con derechos de administrador ejecute código arbitrario mediante los parámetros date, time y offset en tools_system.cgi. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN84825660/index.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0635
https://notcve.org/view.php?id=CVE-2018-0635
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter. Aterm HC100RC, en su versión Ver1.0.1 y anteriores, permite a los atacantes con permisos de administrador ejecutar comandos SO arbitrarios mediante el parámetro filename. • https://jpn.nec.com/security-info/secinfo/nv18-011.html https://jvn.jp/en/jp/JVN84825660/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •