Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-33948

HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product.

Published

2022-07-04T02:15:07.620

Last Modified

2024-11-21T07:08:39.967

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:C/I:C/A:C

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

6.5

Impact Score

10.0

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	kddi	home_spot_cube_2_firmware	≤ v102	Yes
Hardware	kddi	home_spot_cube_2	-	No

References

https://jvn.jp/en/jp/JVN41017328/index.html Third Party Advisory ([email protected])
https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/ Product, Vendor Advisory ([email protected])
https://jvn.jp/en/jp/JVN41017328/index.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/ Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)