Rdkcentral Rdkb Ccsppandm
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Rdkcentral Rdkb Ccsppandm.
By the Year
In 2026 there have been 0 vulnerabilities in Rdkcentral Rdkb Ccsppandm. Rdkb Ccsppandm did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 4 | 7.90 |
It may take a day or so for new Rdkb Ccsppandm vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Rdkcentral Rdkb Ccsppandm Security Vulnerabilities
Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module
CVE-2019-6961
6.5 - Medium
- June 20, 2019
Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls.
AuthZ
A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module
CVE-2019-6962
7.5 - High
- June 20, 2019
A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module.
Shell injection
A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may
CVE-2019-6963
8.8 - High
- June 20, 2019
A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the "Comment" field of an IP reservation form in the admin panel. This is related to the CcspCommonLibrary module.
Memory Corruption
A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may
CVE-2019-6964
8.8 - High
- June 20, 2019
A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve information disclosure and code execution by crafting an AJAX call responsible for DDNS configuration with an exactly 64-byte username, password, or domain, for which the buffer size is insufficient for the final '\0' character. This is related to the CcspCommonLibrary and WebUI modules.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Rdkcentral Rdkb Ccsppandm or by Rdkcentral? Click the Watch button to subscribe.
