Описание
A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device. The web server is running with root privileges and the injected code will also run with root privileges.
Ссылки
- https://www.auerswald.de/de/service/81-telefone/schnurgebundene-telefone/1568-comfortel-1200-ip.htmlProductVendor Advisory
- ExploitThird Party Advisory
- https://www.auerswald.de/de/service/81-telefone/schnurgebundene-telefone/1568-comfortel-1200-ip.htmlProductVendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
8 High
CVSS3
7.7 High
CVSS2
Дефекты
Связанные уязвимости
A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device. The web server is running with root privileges and the injected code will also run with root privileges.
EPSS
8 High
CVSS3
7.7 High
CVSS2