Description
HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from a DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product.
References (2)
Core References
Product, Vendor Advisory x_refsource_misc
https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN41017328/index.html
Scores
CVSS v3
8.8
EPSS
0.0099
EPSS Percentile
58.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
kddi/home_spot_cube_2_firmware
< v102
Published
Jul 04, 2022
Tracked Since
Feb 18, 2026