CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2016-7819
https://notcve.org/view.php?id=CVE-2016-7819
09 Jun 2017 — I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. I-O DATA DEVICE TS-WRLP firmware versiones 1.01.02 y anteriores y TS-WRLA firmware versiones 1.01.02 y anteriores permite a un atacante con derechos de administrador ejecutar comandos de SO arbitrarios a través de vectores no especificados. • http://www.iodata.jp/support/information/2016/ts-wrlap_2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-2112
https://notcve.org/view.php?id=CVE-2017-2112
28 Apr 2017 — TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Los firmwares de TS-WPTCAM versión 1.18 y versiones anteriores, de TS-WLC2 versión 1.18 y anteriores, de TS-WLC2 versión 1.18 y ant... • http://jvn.jp/en/jp/JVN46830433/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2148
https://notcve.org/view.php?id=CVE-2017-2148
28 Apr 2017 — Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en firmware WN-AC1167GR version 1.0.4 y anteriores, que permitiría a un atacante remoto autenticado inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN01537659/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2142
https://notcve.org/view.php?id=CVE-2017-2142
28 Apr 2017 — Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Desbordamiento de buffer en firmware WN-G300R3, que afecta a las versiones 1.03 y anteriores y que permitiría a un atacante remoto ejecutar comandos del SO arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN81024552/index.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2017-2111
https://notcve.org/view.php?id=CVE-2017-2111
28 Apr 2017 — HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information. Una vulnerabilidad de inyección en cabecera HTTP en los firmwares de TS-WPTCAM versiones 1.18 y anteriores, de TS-W... • http://jvn.jp/en/jp/JVN46830433/index.html • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2141
https://notcve.org/view.php?id=CVE-2017-2141
28 Apr 2017 — WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. WN-G300R3 firmware versión 1.03 y anteriores permite a los atacantes con derechos de administrador ejecutar comandos de sistema operativo arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN81024552/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-2113
https://notcve.org/view.php?id=CVE-2017-2113
28 Apr 2017 — Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Desbordamiento de búfer en el firmaware TS-WPTCAM versión 1.18 y anteriores, TS-WPTCAM2 versión 1.00, TS-WLCE ve... • http://jvn.jp/en/jp/JVN46830433/index.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3887
https://notcve.org/view.php?id=CVE-2014-3887
13 Apr 2017 — Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713. Vulnerabilidad XSS en I-O DATA DEVICE RockDisk con firmware en versiones anteriores a 1.05e1-2.0.5 permite a los usuarios autenticados remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. NOTA: ... • http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 1CVE-2016-4845
https://notcve.org/view.php?id=CVE-2016-4845
24 Sep 2016 — Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content. Vulnerabilidad de CSRF en dispositivos I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A y HVL-AT4.0A con firmware en versiones... • https://github.com/kaito834/cve-2016-4845_csrf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4820
https://notcve.org/view.php?id=CVE-2016-4820
19 Jun 2016 — Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad CSRF en dispositivos I-O DATA DEVICE ETX-R permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://jvn.jp/en/jp/JVN61317238/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •