CVE-2016-1138

2016-01-3015:00:00

jpcert

www.cve.org

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.8%

JSON

CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.

References

jvn.jp/en/jp/JVN54686544/index.html

jvndb.jvn.jp/jvndb/JVNDB-2016-000009

www.au.kddi.com/mobile/service/smartphone/wifi/homespot/#anc06