Lucene search
K

120 matches found

Debian CVE
Debian CVE
added 2022/12/22 12:0 a.m.45 views

CVE-2022-22758

When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...

8.8CVSS9.3AI score0.00364EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/12/22 12:0 a.m.50 views

CVE-2022-22758

When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...

8.8CVSS8.5AI score0.00364EPSS
Exploits0
CNVD
CNVD
added 2022/11/25 12:0 a.m.3 views

TOTOLINK NR1800X setUssd Function Command Injection Vulnerability

TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE broadband access device from China's Gion Electronics TOTOLINK, which is mainly used for the deployment of NR fixed data services in homes and offices to support 5G NR network connectivity. A command injection vulnerability exists in the TOTOLI...

9.8CVSS8.6AI score0.0181EPSS
Exploits1References1
OSV
OSV
added 2022/11/23 4:15 p.m.2 views

CVE-2022-44251

TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the ussd parameter in the setUssd function...

9.8CVSS5.8AI score0.0181EPSS
Exploits1References1
NVD
NVD
added 2022/11/23 4:15 p.m.28 views

CVE-2022-44251

TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the ussd parameter in the setUssd function...

9.8CVSS0.0181EPSS
Exploits1References1
Prion
Prion
added 2022/11/23 4:15 p.m.21 views

Command injection

TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the ussd parameter in the setUssd function...

7.5CVSS9.7AI score0.0181EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/23 12:0 a.m.7 views

CVE-2022-44251

TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the ussd parameter in the setUssd function...

9.8AI score0.0181EPSS
Exploits1References1
CVE
CVE
added 2022/11/23 12:0 a.m.54 views

CVE-2022-44251

CVE-2022-44251 affects TOTOLINK NR1800X (version 9.1.0u.6279_B20210910). The vulnerability is a command injection in the setUssd function via the ussd parameter, with potential remote code execution. The CVE entry itself does not specify exploitation status; a PT-Security advisory notes the issue...

9.8CVSS9.6AI score0.0181EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/11/23 12:0 a.m.35 views

CVE-2022-44251

TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the ussd parameter in the setUssd function...

9.9AI score0.0181EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/11/23 12:0 a.m.5 views

PT-2022-27150 · Totolink · Totolink Nr1800X

Name of the Vulnerable Software and Affected Versions: TOTOLINK NR1800X version 9.1.0u.6279 B20210910 Description: The issue is related to a command injection via the ussd parameter in the setUssd function. This allows for potential exploitation. No information is provided about the estimated...

9.8CVSS9.5AI score0.0181EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.6 views

TOTOLINK NR1800X 操作系统命令注入漏洞

TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE broadband access device from China's Gion Electronics TOTOLINK, which is mainly used for the deployment of NR fixed data services in homes and offices to support 5G NR network connectivity. A command injection vulnerability exists in the TOTOLI...

9.8CVSS8.5AI score0.0181EPSS
Exploits1References2
NVD
NVD
added 2022/06/13 4:15 p.m.25 views

CVE-2022-31760

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality...

9.1CVSS0.0062EPSS
Exploits0References2
Prion
Prion
added 2022/06/13 4:15 p.m.18 views

Design/Logic Flaw

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality...

6.4CVSS9.1AI score0.0062EPSS
Exploits0References2Affected Software3
CVE
CVE
added 2022/06/13 3:3 p.m.79 views

CVE-2022-31760

CVE-2022-31760 affects Huawei HarmonyOS 2.0 where a post-lock pop-up box issue in the operator’s USSD service can lead to dialogs being shown after the screen is locked. The vulnerability may compromise data integrity and confidentiality, as described in multiple sources (NVD/Red Hat/CVE listings...

9.1CVSS9.1AI score0.0062EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2022/06/13 3:3 p.m.22 views

CVE-2022-31760

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality...

9.4AI score0.0062EPSS
Exploits0References2
CNVD
CNVD
added 2022/06/08 12:0 a.m.51 views

HUAWEI HarmonyOS has an unspecified vulnerability (CNVD-2022-66176)

HUAWEI HarmonyOS is an operating system from Huawei China. It provides a microkernel-based distributed operating system. A security vulnerability exists in HUAWEI HarmonyOS 2.0, which stems from a post-lock pop-up box issue in the operator's custom USSD service, and could be exploited by an...

9.1CVSS2.8AI score0.0062EPSS
Exploits0References1
OSV
OSV
added 2022/06/01 12:0 a.m.33 views

ASB-A-218341397

In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00113EPSS
Exploits0References3
NVD
NVD
added 2022/03/25 11:15 a.m.23 views

CVE-2021-44751

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In mos...

5.3CVSS0.00553EPSS
Exploits0References1
Prion
Prion
added 2022/03/25 11:15 a.m.34 views

Design/Logic Flaw

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In mos...

5CVSS5.3AI score0.00553EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/03/25 10:32 a.m.102 views

CVE-2021-44751

The CVE describes a vulnerability in the F-Secure SAFE browser where a malicious website containing USSD code via JavaScript or an iframe can trigger the browser’s dialer. This could allow an attacker to send USSD messages or initiate calls. The impact notes that on most modern Androids the diale...

5.3CVSS4.8AI score0.00553EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder