Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
audiocodes device manager express vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2022-24628
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.
Audiocodes Device Manager Express
5.4
CVSSv3
CVE-2022-24631
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter.
Audiocodes Device Manager Express
9.8
CVSSv3
CVE-2022-24629
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/A...
Audiocodes Device Manager Express
5.3
CVSSv3
CVE-2022-24632
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter.
Audiocodes Device Manager Express
9.8
CVSSv3
CVE-2022-24627
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
Audiocodes Device Manager Express
7.2
CVSSv3
CVE-2022-24630
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed.
Audiocodes Device Manager Express
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started