The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without authentication or execute code (authenticated as a user) to spawn a remote shell as a root user.
References
| Link | Resource |
|---|---|
| https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Htek_UC902.pdf | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-22T15:54:16
Updated: 2019-07-22T15:54:16
Reserved: 2019-05-27T00:00:00
Link: CVE-2019-12325
NVD Information
Status: Analyzed
Published: 2019-07-22T16:15:11.660
Modified: 2022-04-18T17:01:56.557
Link: CVE-2019-12325
Redhat Information
No data.
CWE