4 matches found
CVE-2018-16618
VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are checked for a string of random characters...
CVE-2018-16618
VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are checked for a string of random characters...
CVE-2018-16618
VTech Storio Max devices running before 56.D3JM6 are affected by CVE-2018-16618. An exposed storeintenttranslate.x service on localhost:1668 accepts requests that combine random characters with an Android activity name; the activity name is inserted into a shell command. By injecting shell metach...
CVE-2018-16618
VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are checked for a string of random characters...