← Back

Comfortel 1200 Ip Firmware

comfortel_1200_ip_firmware

Vendor: Auerswald • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-19978
1Auerswald
1Comfortel 1200 Ip Firmware
Nov 21, 2024
May 29, 2019
N/A· v4
8.0 HIGH· v3
7.7 HIGH· v2
A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device)...Show more
A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device. The web server is running with root privileges and the injected code will also run with root privileges.Show less
CVE-2018-19977
1Auerswald
1Comfortel 1200 Ip Firmware
Nov 21, 2024
May 29, 2019
N/A· v4
8.0 HIGH· v3
7.7 HIGH· v2
A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the sam...Show more
A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server.Show less