Audiocodes

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-24628 1Audiocodes 1Device Manager Express Jan 14, 2025 May 29, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.
CVE-2022-24627 1Audiocodes 1Device Manager Express Jan 14, 2025 May 29, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
CVE-2019-9229 1Audiocodes 4Median 500 Msbr Firmware Median 500l Msbr FirmwareMedian 800c Msbr Firmware+1 more Nov 21, 2024 Jul 20, 2019 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 all...Show more An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions.Show less
CVE-2019-9228 1Audiocodes 4Median 500 Msbr Firmware Median 500l Msbr FirmwareMedian 800c Msbr Firmware+1 more Nov 21, 2024 Jul 19, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A at least to 7.20A.252.062. The (1) management SSH and (2) management TELNET features allow...Show more An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A at least to 7.20A.252.062. The (1) management SSH and (2) management TELNET features allow remote attackers to cause a denial of service (connection slot exhaustion) via 5 unauthenticated connection attempts, because the maximum number of unauthenticated clients that can be configured is 5. NOTE: the vendor's position is that this is a "design choice.Show less
CVE-2019-9231 1Audiocodes 4Mediant 500 Mbsr Firmware Mediant 500l Msbr FirmwareMediant 800c Msbr Firmware+1 more Nov 21, 2024 Jul 18, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. A Cross-Site Request Forgery (CSRF) vulnerability in the management web int...Show more An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. A Cross-Site Request Forgery (CSRF) vulnerability in the management web interface allows remote attackers to execute malicious and unauthorized actions, because CSRFProtection=1 is not a default and is not documented.Show less
CVE-2019-9230 1Audiocodes 4Mediant 500 Mbsr Firmware Mediant 500l Msbr FirmwareMediant 800c Msbr Firmware+1 more Nov 21, 2024 Jul 18, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the ma...Show more An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.Show less
CVE-2018-16220 1Audiocodes 1405hd Firmware Nov 21, 2024 Apr 25, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of...Show more Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name sent to the device from the domain controller.Show less
CVE-2018-16219 1Audiocodes 1405hd Firmware Nov 21, 2024 Apr 25, 2019 N/A· v4 8.8 HIGH· v3 3.3 LOW· v2 A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password without authentication v...Show more A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password without authentication via a POST request.Show less
CVE-2018-16216 1Audiocodes 1405hd Firmware Nov 21, 2024 Apr 25, 2019 N/A· v4 8.0 HIGH· v3 7.7 HIGH· v2 A command injection (missing input validation, escaping) in the monitoring or memory status web interface in AudioCodes 405HD (firmware 2.2.12) VoIP phone allows an authenticated remote attacker in the same network as th...Show more A command injection (missing input validation, escaping) in the monitoring or memory status web interface in AudioCodes 405HD (firmware 2.2.12) VoIP phone allows an authenticated remote attacker in the same network as the device to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server. In combination with another attack (unauthenticated password change), the attacker can circumvent the authentication requirement.Show less
CVE-2018-5757 1Audiocodes 1420hd Ip Phone Firmware Nov 21, 2024 Apr 1, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI,...Show more An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to Remote Code Execution via shell metacharacters in the query string.Show less
CVE-2018-10093 1Audiocodes 1420hd Ip Phone Firmware Nov 21, 2024 Mar 21, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
CVE-2018-10091 1Audiocodes 1420hd Ip Phone Firmware Nov 21, 2024 Mar 21, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS.
CVE-2018-18567 1Audiocodes 2440hd Firmware 450hd Firmware Nov 21, 2024 Oct 24, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise inst...Show more AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.Show less

Previous 12