← Back

Atcom

atcom

7 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Netvolution
netvolution
6 CVEs
A10w Firmware
a10w_firmware
1 CVE
A10w
a10w
0 CVEs

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-12328
1Atcom
1A10w Firmware
Nov 21, 2024
Jul 22, 2019
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the sam...Show more
A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request.Show less
CVE-2014-2318
1Atcom
1Netvolution
May 6, 2026
Mar 11, 2014
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter.
CVE-2011-3340
1Atcom
1Netvolution
Apr 29, 2026
Oct 21, 2011
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
CVE-2010-4967
1Atcom
1Netvolution
Apr 29, 2026
Oct 21, 2011
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter.
CVE-2010-4966
1Atcom
1Netvolution
Apr 29, 2026
Oct 21, 2011
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action.
CVE-2009-5103
1Atcom
1Netvolution
Apr 29, 2026
Oct 21, 2011
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable.
CVE-2009-5102
1Atcom
1Netvolution
Apr 29, 2026
Oct 21, 2011
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.