An issue exists on AudioCodes VoIP desk phones up to and including 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
audiocodes c470hd_firmware |
||
audiocodes c455hd_firmware |
||
audiocodes c435hd_firmware |
||
audiocodes 445hd_firmware |
||
audiocodes 405hd_firmware |
||
audiocodes c450hd_firmware |