A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request.
References
| Link | Resource |
|---|---|
| https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Atcom_A10W.pdf | Exploit, Mitigation, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-22T17:55:50
Updated: 2019-07-22T17:55:50
Reserved: 2019-05-27T00:00:00
Link: CVE-2019-12328
NVD Information
Status: Modified
Published: 2019-07-22T18:15:11.447
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-12328
Redhat Information
No data.
CWE