Описание
A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password without authentication via a POST request.
Ссылки
- ExploitMitigationThird Party Advisory
- ExploitMitigationThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:audiocodes:405hd_firmware:2.2.12:*:*:*:*:*:*:*
cpe:2.3:h:audiocodes:405hd:-:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00182
Низкий
8.8 High
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password without authentication via a POST request.
EPSS
Процентиль: 40%
0.00182
Низкий
8.8 High
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-287