Kddi Home Spot Cube Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Kddi Home Spot Cube Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2016-1139 — CVSS 7.5 (high): Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the…
CVE-2016-1137 — CVSS 7.4 (high): Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and…
CVE-2016-1140 — CVSS 6.1 (medium): KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2016-1136 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web…
CVE-2016-1138 — CVSS 4.7 (medium): CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via…
CVE-2016-1141 — CVSS 4.7 (medium): KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.