cvedb.io
CVE-2022-33948
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2022-07-04T02:15:07.620 · Last modified 2026-06-17T04:49:32.373

Summary

HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product.

Affected products

kddi — home_spot_cube_2_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when kddi ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.