Filtered by vendor Auerswald Subscriptions
Total 7 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-40859 1 Auerswald 2 Compact 5500r, Compact 5500r Firmware 2024-11-21 9.8 Critical
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device.
CVE-2021-40858 1 Auerswald 20 Commander 6000r Ip, Commander 6000r Ip Firmware, Commander 6000rx Ip and 17 more 2024-11-21 4.9 Medium
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring.
CVE-2021-40857 1 Auerswald 20 Commander 6000r Ip, Commander 6000r Ip Firmware, Commander 6000rx Ip and 17 more 2024-11-21 8.8 High
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring.
CVE-2021-40856 1 Auerswald 6 Comfortel 1400 Ip, Comfortel 1400 Ip Firmware, Comfortel 2600 Ip and 3 more 2024-11-21 7.5 High
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.
CVE-2018-19978 1 Auerswald 2 Comfortel 1200 Ip, Comfortel 1200 Ip Firmware 2024-11-21 N/A
A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device. The web server is running with root privileges and the injected code will also run with root privileges.
CVE-2018-19977 1 Auerswald 2 Comfortel 1200 Ip, Comfortel 1200 Ip Firmware 2024-11-21 N/A
A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server.
CVE-2003-1457 1 Auerswald 1 Comsuite Cti Controlcenter 2024-11-21 N/A
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access.