Vulnerabilities (CVE)

Filtered by vendor Rakuten Subscribe
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-40282 1 Rakuten 2 Wifi Pocket, Wifi Pocket Firmware 2024-11-21 N/A 5.4 MEDIUM
Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. As a result, sensitive information may be obtained and/or the settings may be changed.
CVE-2022-29525 1 Rakuten 1 Casa 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.
CVE-2022-28704 1 Rakuten 1 Casa 2024-11-21 9.0 HIGH 7.2 HIGH
Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings.
CVE-2022-26834 1 Rakuten 1 Casa 2024-11-21 5.0 MEDIUM 7.5 HIGH
Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default.
CVE-2020-14049 1 Rakuten 1 Viber 2024-11-21 5.0 MEDIUM 7.5 HIGH
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this issue exists because of an incomplete fix for CVE-2019-12569.
CVE-2019-6024 1 Rakuten 1 Rakuma 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party.
CVE-2019-18800 1 Rakuten 1 Viber 2024-11-21 4.3 MEDIUM 8.8 HIGH
Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 20 bytes of udid in a binary format, which is located at offset 0x14 of this packet. Then, the attacker installs Viber on his device, initiates the registration process for any phone number, but doesn't enter a pin from SMS. Instead, he closes Viber. Next, the attacker rewrites his udid with the victim's udid, modifying the viber_udid file, which is located in the Viber preferences folder. (The udid is stored in a hexadecimal format.) Finally, the attacker starts Viber again and enters the pin from SMS.
CVE-2019-12569 1 Rakuten 1 Viber 2024-11-21 9.3 HIGH 7.8 HIGH
A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.
CVE-2018-3987 1 Rakuten 1 Viber 2024-11-21 2.1 LOW 5.5 MEDIUM
An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device.
CVE-2024-41918 1 Rakuten 1 Ichiba 2024-08-30 N/A 6.1 MEDIUM
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the user's device. As a result, the user may be redirected to an unauthorized site, and the user may become a victim of a phishing attack.