Filtered by vendor Auerswald
Total: 7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-40856 | 1 Auerswald | 6 Comfortel 1400 Ip, Comfortel 1400 Ip Firmware, Comfortel 2600 Ip and 3 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring. | |||||
CVE-2021-40857 | 1 Auerswald | 20 Commander 6000r Ip, Commander 6000r Ip Firmware, Commander 6000rx Ip and 17 more | 2022-03-31 | 6.5 MEDIUM | 8.8 HIGH |
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. | |||||
CVE-2021-40858 | 1 Auerswald | 20 Commander 6000r Ip, Commander 6000r Ip Firmware, Commander 6000rx Ip and 17 more | 2022-01-04 | 6.8 MEDIUM | 4.9 MEDIUM |
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring. | |||||
CVE-2021-40859 | 1 Auerswald | 2 Compact 5500r, Compact 5500r Firmware | 2021-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices that allow attackers with access to the web-based management application full administrative access to the device. | |||||
CVE-2018-19977 | 1 Auerswald | 2 Comfortel 1200 Ip, Comfortel 1200 Ip Firmware | 2020-08-24 | 7.7 HIGH | 8.0 HIGH |
A command injection (missing input validation, escaping) in the FTP upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server. | |||||
CVE-2018-19978 | 1 Auerswald | 2 Comfortel 1200 Ip, Comfortel 1200 Ip Firmware | 2019-05-30 | 7.7 HIGH | 8.0 HIGH |
A buffer overflow vulnerability in the DHCP and PPPoE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device. The web server is running with root privileges and the injected code will also run with root privileges. | |||||
CVE-2003-1457 | 1 Auerswald | 1 Comsuite Cti Controlcenter | 2017-07-28 | 4.6 MEDIUM | N/A |
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access. | |||||