CVE-2018-16219

Published: Apr 25, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password without authentication via a POST request.

Affected (1)

Products: Audiocodes: 405hd Firmware

Audiocodes

1 product

405hd Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Audiocodes 405hd Firmware	Version 2.2.12

Running on/with	Platform Versions
Audiocodes 405hd	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_AudioCodes_405HD.pdf

Source: cve@mitre.org

ExploitMitigationThird Party Advisory

https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_AudioCodes_405HD.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMitigationThird Party Advisory

Timeline

No history available yet.