MidnightBSD

Advisories for ikuai8

CVE-2021-28075 MEDIUM

iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ikuai8 ikuaios 3.4.8
CVE-2022-40469

iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
ikuai8 ikuaios *
CVE-2023-34849

An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1.

Products Affected

Vendor Product Version
ikuai8 ikuaios *