Lucene search

K

Rdkcentral Security Vulnerabilities

cve
cve

CVE-2024-20006

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID:...

6.7CVSS

6.7AI Score

0.0004EPSS

2024-02-05 06:15 AM
18
cve
cve

CVE-2023-32855

In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID:...

6.7CVSS

6.6AI Score

0.0004EPSS

2023-12-04 04:15 AM
11
cve
cve

CVE-2023-20831

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID:...

6.7CVSS

6.7AI Score

0.0004EPSS

2023-09-04 03:15 AM
13
cve
cve

CVE-2023-20828

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID:...

6.7CVSS

6.7AI Score

0.0004EPSS

2023-09-04 03:15 AM
24
cve
cve

CVE-2023-20829

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID:...

6.7CVSS

6.7AI Score

0.0004EPSS

2023-09-04 03:15 AM
26
cve
cve

CVE-2023-20832

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID:...

6.7CVSS

6.7AI Score

0.0004EPSS

2023-09-04 03:15 AM
22
cve
cve

CVE-2023-20830

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID:...

6.7CVSS

6.7AI Score

0.0004EPSS

2023-09-04 03:15 AM
19
cve
cve

CVE-2023-20821

In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID:...

6.7CVSS

6.7AI Score

0.0004EPSS

2023-09-04 03:15 AM
17
cve
cve

CVE-2023-20796

In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929790; Issue ID:...

4.4CVSS

4.8AI Score

0.0004EPSS

2023-08-07 04:15 AM
22
cve
cve

CVE-2023-20790

In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID:...

4.4CVSS

4.4AI Score

0.0004EPSS

2023-08-07 04:15 AM
22
cve
cve

CVE-2023-20725

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990.....

6.7CVSS

6.7AI Score

0.0004EPSS

2023-06-06 01:15 PM
14
cve
cve

CVE-2023-20726

In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980,...

3.3CVSS

3.7AI Score

0.0004EPSS

2023-05-15 10:15 PM
28
cve
cve

CVE-2019-6963

A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the "Comment" field of an IP reservation form in the admin panel. This is related to the...

8.8CVSS

9.1AI Score

0.006EPSS

2019-06-20 02:15 PM
73
cve
cve

CVE-2019-6962

A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is....

7.5CVSS

8AI Score

0.001EPSS

2019-06-20 02:15 PM
55
cve
cve

CVE-2019-6961

Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for...

6.5CVSS

6.4AI Score

0.001EPSS

2019-06-20 02:15 PM
51
cve
cve

CVE-2019-6964

A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve information disclosure and code execution by crafting an AJAX call responsible for DDNS configuration with...

8.8CVSS

8.6AI Score

0.001EPSS

2019-06-20 02:15 PM
71