Описание
Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:akuvox:sp-r50p_firmware:50.0.6.156:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:sp-r50p:-:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01565
Низкий
7.2 High
CVSS3
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution.
EPSS
Процентиль: 81%
0.01565
Низкий
7.2 High
CVSS3
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-434