Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
audiocodes vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-16219
A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password without authentication via a POST request.
Audiocodes 405hd Firmware 2.2.12
6.1
CVSSv3
CVE-2018-16220
Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipul...
Audiocodes 405hd Firmware 2.2.12
4.8
CVSSv3
CVE-2018-10091
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS.
Audiocodes 420hd Ip Phone Firmware 2.2.12.126
8.8
CVSSv3
CVE-2018-10093
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
Audiocodes 420hd Ip Phone Firmware 2.2.12.126
9.8
CVSSv3
CVE-2022-24627
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
Audiocodes Device Manager Express
7.2
CVSSv3
CVE-2022-24628
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.
Audiocodes Device Manager Express
9.8
CVSSv3
CVE-2022-24629
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/A...
Audiocodes Device Manager Express
7.2
CVSSv3
CVE-2022-24630
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed.
Audiocodes Device Manager Express
5.4
CVSSv3
CVE-2022-24631
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter.
Audiocodes Device Manager Express
5.3
CVSSv3
CVE-2022-24632
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter.
Audiocodes Device Manager Express
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2