Vulnerabilities > Akuvox > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-31 | CVE-2023-0343 | Use of Insufficiently Random Values vulnerability in Akuvox E11 Firmware Akuvox E11 contains a function that encrypts messages which are then forwarded. | 7.5 |
2023-03-31 | CVE-2023-0344 | Unspecified vulnerability in Akuvox E11 Firmware Akuvox E11 appears to be using a custom version of dropbear SSH server. | 7.5 |
2023-03-13 | CVE-2023-0346 | Unspecified vulnerability in Akuvox E11 Firmware Akuvox E11 cloud login is performed through an unencrypted HTTP connection. | 7.5 |
2023-03-13 | CVE-2023-0348 | Unspecified vulnerability in Akuvox E11 Firmware Akuvox E11 allows direct SIP calls. | 7.5 |
2023-03-13 | CVE-2023-0351 | Command Injection vulnerability in Akuvox E11 Firmware The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality. | 8.8 |
2023-03-13 | CVE-2023-0355 | Unspecified vulnerability in Akuvox E11 Firmware Akuvox E11 uses a hard-coded cryptographic key, which could allow an attacker to decrypt sensitive information. | 7.5 |
2019-07-22 | CVE-2019-12324 | OS Command Injection vulnerability in Akuvox Sp-R50P Firmware 50.0.6.156 A command injection (missing input validation) issue in the IP address field for the logging server in the configuration web interface on the Akuvox R50P VoIP phone with firmware 50.0.6.156 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request. | 7.2 |