Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
audiocodes vulnerabilities and exploits
(subscribe to this query)
294
VMScore
CVE-2018-16219
A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password without authentication via a POST request.
Audiocodes 405hd Firmware 2.2.12
803
VMScore
CVE-2018-5757
An issue exists on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leadi...
Audiocodes 420hd Ip Phone Firmware 3.0.0.535.106
312
VMScore
CVE-2018-10091
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS.
Audiocodes 420hd Ip Phone Firmware 2.2.12.126
801
VMScore
CVE-2018-10093
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
Audiocodes 420hd Ip Phone Firmware 2.2.12.126
NA
CVE-2022-24628
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.
Audiocodes Device Manager Express
NA
CVE-2022-24632
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter.
Audiocodes Device Manager Express
NA
CVE-2022-24627
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
Audiocodes Device Manager Express
NA
CVE-2022-24629
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/A...
Audiocodes Device Manager Express
NA
CVE-2022-24630
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed.
Audiocodes Device Manager Express
NA
CVE-2022-24631
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter.
Audiocodes Device Manager Express
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2