Description
A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request.
References
- Exploit, Mitigation, Third Party Advisory
- Exploit, Mitigation, Third Party Advisory
Vulnerable configurations
Configuration 1
All of the following
cpe:2.3:o:atcom:a10w_firmware:2.6.1a2421:*:*:*:*:*:*:*
cpe:2.3:h:atcom:a10w:-:*:*:*:*:*:*:*
EPSS
Percentile: 91%
0.06221
Low
9 Critical
CVSS3
8.8 High
CVSS3
9 Critical
CVSS2
Weaknesses
CWE-78
Related vulnerabilities
github
more than 3 years ago
A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request.
EPSS
Percentile: 91%
0.06221
Low
9 Critical
CVSS3
8.8 High
CVSS3
9 Critical
CVSS2
Weaknesses
CWE-78