A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password without authentication via a POST request.
References
Link | Resource |
---|---|
https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_AudioCodes_405HD.pdf | Mitigation Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-04-25T19:56:44
Updated: 2019-04-25T19:56:44
Reserved: 2018-08-30T00:00:00
Link: CVE-2018-16219
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-04-25T20:29:01.850
Modified: 2019-04-26T19:56:22.323
Link: CVE-2018-16219
JSON object: View
Redhat Information
No data.
CWE