Lucene search
+L

120 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:53 p.m.8 views

CVE-2022-31760

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality...

9.1CVSS6.9AI score0.0062EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:33 a.m.6 views

CVE-2018-21078

An issue was discovered on Samsung mobile devices with M6.0, N7.x, and O8.0 software. The Contacts application allows attackers to originate video calls because SS Supplementary Service and USSD Unstructured Supplementary Service Data codes are improperly secured. The Samsung ID is SVE-2018-11469...

7.5CVSS7AI score0.00346EPSS
Exploits0References1
OSV
OSV
added 2024/11/21 6:15 p.m.6 views

CVE-2024-53333

TOTOLINK EX200 v4.0.3c.7646B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter...

6.3CVSS6AI score0.189EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/11/21 12:0 a.m.12 views

CVE-2024-53333

TOTOLINK EX200 v4.0.3c.7646B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter...

7.9AI score0.189EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.5 views

PT-2024-35724 · Totolink · Totolink Ex200

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: The issue is related to a command insertion vulnerability in the setUssd function. This allows an attacker to execute arbitrary commands via the ussd parameter. Recommendations: For...

6.3CVSS7.9AI score0.189EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/11/21 12:0 a.m.39 views

CVE-2024-53333

TOTOLINK EX200 v4.0.3c.7646B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter...

0.189EPSS
Exploits1References1
CNVD
CNVD
added 2024/01/11 12:0 a.m.4 views

TOTOLINK LR1200GB setUssd Function OS Command Injection Vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from an operating system command...

9.8CVSS7.6AI score0.03834EPSS
Exploits1References1
OSV
OSV
added 2023/10/11 4:15 p.m.4 views

CVE-2023-27380

An OS command injection vulnerability exists in the admin.cgi USSDsend functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

8.8CVSS7.3AI score0.05749EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/10/11 12:0 a.m.3 views

Peplink Surf SOHO HW1 Operating System Command Injection Vulnerability

Peplink Surf SOHO HW1 is a small router from Peplink. An OS command injection vulnerability exists in Peplink Surf SOHO HW1 v6.3.5, which stems from an OS command injection vulnerability in the admin.cgi USSDsend function. An attacker can exploit this vulnerability to execute commands via special...

8.8CVSS7.9AI score0.05749EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/07/07 2:15 p.m.5 views

CVE-2023-37148

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function...

9.8CVSS7.4AI score0.01958EPSS
Exploits1References2
OSV
OSV
added 2023/07/07 2:15 p.m.7 views

CVE-2023-37148

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function...

9.8CVSS5.8AI score0.01958EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/07 12:0 a.m.16 views

CVE-2023-37148

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function...

8AI score0.01958EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/07 12:0 a.m.30 views

CVE-2023-37148

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function...

10AI score0.01958EPSS
Exploits1References1
OSV
OSV
added 2022/12/22 8:15 p.m.4 views

CVE-2022-22758

When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...

8.8CVSS7.3AI score0.00364EPSS
Exploits0References2
NVD
NVD
added 2022/12/22 8:15 p.m.14 views

CVE-2022-22758

When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...

8.8CVSS0.00364EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2022/12/22 8:15 p.m.28 views

CVE-2022-22758

When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...

8.8CVSS7.1AI score0.00364EPSS
Exploits0References2
Prion
Prion
added 2022/12/22 8:15 p.m.27 views

Cross site request forgery (csrf)

When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...

6.8CVSS8AI score0.00364EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/22 12:0 a.m.7 views

CVE-2022-22758

When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...

8AI score0.00364EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/12/22 12:0 a.m.38 views

CVE-2022-22758

When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...

8.6AI score0.00364EPSS
Exploits0References2
CVE
CVE
added 2022/12/22 12:0 a.m.155 views

CVE-2022-22758

CVE-2022-22758 affects Mozilla Firefox (Android) and arises from incorrect handling of tel: links where USSD codes placed after a * character could be included in the dialed number, potentially enabling actions on a user’s account. The issue impacts Firefox versions prior to 97 (and related ESR l...

8.8CVSS8.2AI score0.00364EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder