CVE-2019-12325 - Out-of-bounds Write vulnerability in Htek Uc902 Firmware 2.0.4.4.46

CVSS 9.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, htek, CWE-787, critical

Summary

The web management interface of the Htek UC902 VoIP phone contains several buffer overflow vulnerabilities in firmware version 2.0.4.4.46. They allow an unauthenticated attacker to crash the device (DoS), or an attacker authenticated as a user to execute code and spawn a remote shell as root.

Vulnerable Configurations

Part        Description   Count
OS          Htek          1
Hardware    Htek          1

Common Weakness Enumeration (CWE)