Vulnerability Description
HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kddi | Home Spot Cube 2 Firmware | <= v102 |
| Kddi | Home Spot Cube 2 | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN41017328/index.htmlThird Party Advisory
- https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/ProductVendor Advisory
- https://jvn.jp/en/jp/JVN41017328/index.htmlThird Party Advisory
- https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/ProductVendor Advisory
FAQ
What is CVE-2022-33948?
CVE-2022-33948 is a vulnerability with a CVSS score of 8.8 (HIGH). HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the produc...
How severe is CVE-2022-33948?
CVE-2022-33948 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-33948?
Check the references section above for vendor advisories and patch information. Affected products include: Kddi Home Spot Cube 2 Firmware, Kddi Home Spot Cube 2.