CVE-2021-40043

HIGH Year: 2021
CVSS v3 Score
7.8
High
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-77
View all →

Vulnerability Description

The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable and successful triggering of this vulnerability could execute voice commands on the device.

Related Vulnerabilities

CVE-2010-4345

HIGH
CVSS:7.8(High)

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary comma...

CWE-772010

CVE-2014-1834

HIGH
CVSS:7.8(High)

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password.

CWE-772014

CVE-2014-4677

HIGH
CVSS:7.8(High)

The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters ...

CWE-772014

CVE-2014-5220

HIGH
CVSS:7.8(High)

The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.

CWE-772014

CVE-2014-9114

HIGH
CVSS:7.8(High)

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

CWE-772014

CVE-2015-2210

HIGH
CVSS:7.8(High)

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command she...

CWE-772015