Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Auerswald Subscribe
Filtered by product Comfortel 1200 Ip Firmware
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-19977 1 Auerswald 2 Comfortel 1200 Ip, Comfortel 1200 Ip Firmware 2020-08-24 7.7 HIGH 8.0 HIGH
A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server.
CVE-2018-19978 1 Auerswald 2 Comfortel 1200 Ip, Comfortel 1200 Ip Firmware 2019-05-30 7.7 HIGH 8.0 HIGH
A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device. The web server is running with root privileges and the injected code will also run with root privileges.