120 matches found
CVE-2022-31760
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality...
CVE-2018-21078
An issue was discovered on Samsung mobile devices with M6.0, N7.x, and O8.0 software. The Contacts application allows attackers to originate video calls because SS Supplementary Service and USSD Unstructured Supplementary Service Data codes are improperly secured. The Samsung ID is SVE-2018-11469...
CVE-2024-53333
TOTOLINK EX200 v4.0.3c.7646B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter...
CVE-2024-53333
TOTOLINK EX200 v4.0.3c.7646B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter...
PT-2024-35724 · Totolink · Totolink Ex200
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: The issue is related to a command insertion vulnerability in the setUssd function. This allows an attacker to execute arbitrary commands via the ussd parameter. Recommendations: For...
CVE-2024-53333
TOTOLINK EX200 v4.0.3c.7646B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter...
TOTOLINK LR1200GB setUssd Function OS Command Injection Vulnerability
The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from an operating system command...
CVE-2023-27380
An OS command injection vulnerability exists in the admin.cgi USSDsend functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Peplink Surf SOHO HW1 Operating System Command Injection Vulnerability
Peplink Surf SOHO HW1 is a small router from Peplink. An OS command injection vulnerability exists in Peplink Surf SOHO HW1 v6.3.5, which stems from an OS command injection vulnerability in the admin.cgi USSDsend function. An attacker can exploit this vulnerability to execute commands via special...
CVE-2023-37148
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function...
CVE-2023-37148
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function...
CVE-2023-37148
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function...
CVE-2023-37148
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function...
CVE-2022-22758
When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...
CVE-2022-22758
When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...
CVE-2022-22758
When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...
Cross site request forgery (csrf)
When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...
CVE-2022-22758
When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...
CVE-2022-22758
When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...
CVE-2022-22758
CVE-2022-22758 affects Mozilla Firefox (Android) and arises from incorrect handling of tel: links where USSD codes placed after a * character could be included in the dialed number, potentially enabling actions on a user’s account. The issue impacts Firefox versions prior to 97 (and related ESR l...