CVE-2019-12325 - Out-of-bounds Write vulnerability in Htek Uc902 Firmware 2.0.4.4.46

CVSS 8.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
CWE-787

Summary

The web management interface of the Htek UC902 VoIP phone contains several buffer overflow vulnerabilities in firmware version 2.0.4.4.46. They allow an attacker to crash the device (DoS) without authentication, or, when authenticated as a user, to execute code and spawn a remote shell as the root user.

Vulnerable Configurations

Part        Description    Count
OS          Htek           1
Hardware    Htek           1

Common Weakness Enumeration (CWE)