Vulnerabilities > Akuvox > High

DATE CVE VULNERABILITY TITLE RISK
2023-03-31 CVE-2023-0343 Use of Insufficiently Random Values vulnerability in Akuvox E11 Firmware
Akuvox E11 contains a function that encrypts messages which are then forwarded.
network
low complexity
akuvox CWE-330
7.5
2023-03-31 CVE-2023-0344 Unspecified vulnerability in Akuvox E11 Firmware
Akuvox E11 appears to be using a custom version of dropbear SSH server.
network
low complexity
akuvox
7.5
2023-03-13 CVE-2023-0346 Unspecified vulnerability in Akuvox E11 Firmware
Akuvox E11 cloud login is performed through an unencrypted HTTP connection.
network
low complexity
akuvox
7.5
2023-03-13 CVE-2023-0348 Unspecified vulnerability in Akuvox E11 Firmware
Akuvox E11 allows direct SIP calls.
network
low complexity
akuvox
7.5
2023-03-13 CVE-2023-0351 Command Injection vulnerability in Akuvox E11 Firmware
The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality.
network
low complexity
akuvox CWE-77
8.8
2023-03-13 CVE-2023-0355 Unspecified vulnerability in Akuvox E11 Firmware
Akuvox E11 uses a hard-coded cryptographic key, which could allow an attacker to decrypt sensitive information.
network
low complexity
akuvox
7.5
2019-07-22 CVE-2019-12324 OS Command Injection vulnerability in Akuvox Sp-R50P Firmware 50.0.6.156
A command injection (missing input validation) issue in the IP address field for the logging server in the configuration web interface on the Akuvox R50P VoIP phone with firmware 50.0.6.156 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request.
network
low complexity
akuvox CWE-78
7.2