Description
The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without authentication or execute code (authenticated as a user) to spawn a remote shell as a root user.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
Together
cpe:2.3:o:htek:uc902_firmware:2.0.4.4.46:*:*:*:*:*:*:*
cpe:2.3:h:htek:uc902:-:*:*:*:*:*:*:*
EPSS
Percentile: 83%
0.01844
Low
8.2 High
CVSS3
8.8 High
CVSS3
9 Critical
CVSS2
Weaknesses
CWE-787
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without authentication or execute code (authenticated as a user) to spawn a remote shell as a root user.