Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cisco spa500 series ip phones firmware vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-20181
A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote malicious user to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based managem...
Cisco Spa500ds Firmware -
Cisco Spa500s Firmware -
Cisco Spa501g Firmware -
Cisco Spa502g Firmware -
Cisco Spa504g Firmware -
Cisco Spa508g Firmware -
Cisco Spa509g Firmware -
Cisco Spa512g Firmware -
Cisco Spa514g Firmware -
Cisco Spa525 Firmware -
Cisco Spa525g Firmware -
Cisco Spa525g2 Firmware -
6.1
CVSSv3
CVE-2023-20218
A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote malicious user to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of u...
Cisco Spa500ds Firmware -
Cisco Spa500s Firmware -
Cisco Spa501g Firmware -
Cisco Spa502g Firmware -
Cisco Spa504g Firmware -
Cisco Spa508g Firmware -
Cisco Spa509g Firmware -
Cisco Spa512g Firmware -
Cisco Spa514g Firmware -
Cisco Spa525 Firmware -
Cisco Spa525g Firmware -
Cisco Spa525g2 Firmware -
6.6
CVSSv3
CVE-2019-15959
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate malicious user to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An ...
Cisco Spa500 Series Ip Phones Firmware
6.6
CVSSv3
CVE-2019-1923
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate malicious user to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit th...
Cisco Spa501g Firmware
Cisco Spa502g Firmware
Cisco Spa504g Firmware
Cisco Spa508g Firmware
Cisco Spa509g Firmware
Cisco Spa512g Firmware
Cisco Spa514g Firmware
Cisco Spa525g2 Firmware
Cisco Spa500s Firmware
Cisco Spa500ds Firmware
7.4
CVSSv3
CVE-2019-1683
A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote malicious user to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP...
Cisco Spa112 Firmware 1.4.2
Cisco Spa525 Firmware 7.6.2
Cisco Spa5x5 Firmware 7.6.2
Cisco Spa500 Firmware 1.4.2
Cisco Spa500s Firmware 1.4.2
Cisco Spa500ds Firmware 1.4.2
Cisco Spa501g Firmware 1.4.2
Cisco Spa502g Firmware 1.4.2
Cisco Spa504g Firmware 1.4.2
Cisco Spa508g Firmware 1.4.2
Cisco Spa509g Firmware 1.4.2
Cisco Spa512g Firmware 1.4.2
Cisco Spa514g Firmware 1.4.2
Cisco Spa525g Firmware 1.4.2
8.8
CVSSv3
CVE-2017-12271
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote malicious user to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this ...
Cisco Spa300 Firmware
Cisco Spa500 Firmware
7.5
CVSSv3
CVE-2017-12219
A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote malicious user to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnera...
Cisco Spa 301 Firmware 7.6.2
Cisco Spa 303 Firmware 7.6.2
Cisco Spa 500ds Firmware 7.6.2
Cisco Spa 500s Firmware 7.6.2
Cisco Spa 501g Firmware 7.6.2
Cisco Spa 502g Firmware 7.6.2
Cisco Spa 504g Firmware 7.6.2
Cisco Spa 508g Firmware 7.6.2
Cisco Spa 509g Firmware 7.6.2
Cisco Spa 512g Firmware 7.6.2
Cisco Spa 514g Firmware 7.6.2
7.5
CVSSv3
CVE-2016-1469
The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote malicious users to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385.
Cisco Spa300 Firmware
Cisco Spa500 Firmware
NA
CVE-2015-6403
The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.
Cisco Spa500 Firmware 7.5.7
Cisco Spa300 Firmware 7.5.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started