120 matches found
CVE-2022-22758
When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...
CVE-2022-22758
When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...
TOTOLINK NR1800X setUssd Function Command Injection Vulnerability
TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE broadband access device from China's Gion Electronics TOTOLINK, which is mainly used for the deployment of NR fixed data services in homes and offices to support 5G NR network connectivity. A command injection vulnerability exists in the TOTOLI...
CVE-2022-44251
TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the ussd parameter in the setUssd function...
CVE-2022-44251
TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the ussd parameter in the setUssd function...
Command injection
TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the ussd parameter in the setUssd function...
CVE-2022-44251
TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the ussd parameter in the setUssd function...
CVE-2022-44251
CVE-2022-44251 affects TOTOLINK NR1800X (version 9.1.0u.6279_B20210910). The vulnerability is a command injection in the setUssd function via the ussd parameter, with potential remote code execution. The CVE entry itself does not specify exploitation status; a PT-Security advisory notes the issue...
CVE-2022-44251
TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the ussd parameter in the setUssd function...
PT-2022-27150 · Totolink · Totolink Nr1800X
Name of the Vulnerable Software and Affected Versions: TOTOLINK NR1800X version 9.1.0u.6279 B20210910 Description: The issue is related to a command injection via the ussd parameter in the setUssd function. This allows for potential exploitation. No information is provided about the estimated...
TOTOLINK NR1800X 操作系统命令注入漏洞
TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE broadband access device from China's Gion Electronics TOTOLINK, which is mainly used for the deployment of NR fixed data services in homes and offices to support 5G NR network connectivity. A command injection vulnerability exists in the TOTOLI...
CVE-2022-31760
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality...
Design/Logic Flaw
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality...
CVE-2022-31760
CVE-2022-31760 affects Huawei HarmonyOS 2.0 where a post-lock pop-up box issue in the operator’s USSD service can lead to dialogs being shown after the screen is locked. The vulnerability may compromise data integrity and confidentiality, as described in multiple sources (NVD/Red Hat/CVE listings...
CVE-2022-31760
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality...
HUAWEI HarmonyOS has an unspecified vulnerability (CNVD-2022-66176)
HUAWEI HarmonyOS is an operating system from Huawei China. It provides a microkernel-based distributed operating system. A security vulnerability exists in HUAWEI HarmonyOS 2.0, which stems from a post-lock pop-up box issue in the operator's custom USSD service, and could be exploited by an...
ASB-A-218341397
In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2021-44751
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In mos...
Design/Logic Flaw
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In mos...
CVE-2021-44751
The CVE describes a vulnerability in the F-Secure SAFE browser where a malicious website containing USSD code via JavaScript or an iframe can trigger the browser’s dialer. This could allow an attacker to send USSD messages or initiate calls. The impact notes that on most modern Androids the diale...