Published: 13/12/2021 Updated: 12/07/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Auerswald COMfortel 1400 IP and 2600 IP prior to 2.8G devices allow Authentication Bypass via the /about/../ substring.

Vulnerable Product	Search on Vulmon	Subscribe to Product
auerswald comfortel_3600_ip_firmware
auerswald comfortel_2600_ip_firmware
auerswald comfortel_1400_ip_firmware

Check Point Reference: CPAI-2021-2145 Date Published: 2 Apr 2024 Severity: High ...

RedTeam Pentesting discovered a vulnerability in the web-based configuration management interface of the Auerswald COMfortel 1400 and 2600 IP desktop phones The vulnerability allows accessing configuration data and settings in the web-based management interface without authentication Versions 28F and below are affected ...

CWE-706 https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses http://packetstormsecurity.com/files/165162/Auerswald-COMfortel-1400-2600-3600-IP-2.8F-Authentication-Bypass.html https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-004/-auerswald-comfortel-1400-2600-3600-ip-authentication-bypass https://nvd.nist.gov https://packetstormsecurity.com/files/165162/Auerswald-COMfortel-1400-2600-3600-IP-2.8F-Authentication-Bypass.html https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2021-2145.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-40856

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect