Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an malicious user to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
akuvox sp-r50p_firmware 50.0.6.156 |