Vulnerabilities > Audiocodes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-19 | CVE-2019-9228 | Unspecified vulnerability in Audiocodes products An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A at least to 7.20A.252.062. | 7.5 |
| 2019-07-18 | CVE-2019-9231 | Cross-Site Request Forgery (CSRF) vulnerability in Audiocodes products An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. | 8.8 |
| 2019-07-18 | CVE-2019-9230 | Cross-site Scripting vulnerability in Audiocodes products An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. | 6.1 |
| 2019-04-25 | CVE-2018-16220 | Cross-site Scripting vulnerability in Audiocodes 405Hd Firmware 2.2.12 Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name sent to the device from the domain controller. | 6.1 |
| 2019-04-25 | CVE-2018-16219 | Improper Authentication vulnerability in Audiocodes 405Hd Firmware 2.2.12 A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password without authentication via a POST request. | 8.8 |
| 2019-04-25 | CVE-2018-16216 | OS Command Injection vulnerability in Audiocodes 405Hd Firmware 2.2.12 A command injection (missing input validation, escaping) in the monitoring or memory status web interface in AudioCodes 405HD (firmware 2.2.12) VoIP phone allows an authenticated remote attacker in the same network as the device to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server. | 8.0 |
| 2019-04-01 | CVE-2018-5757 | OS Command Injection vulnerability in Audiocodes 420Hd IP Phone Firmware 3.0.0.535.106 An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. | 8.8 |
| 2019-03-21 | CVE-2018-10093 | Missing Authorization vulnerability in Audiocodes 420Hd IP Phone Firmware 2.2.12.126 AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution. | 8.8 |
| 2019-03-21 | CVE-2018-10091 | Cross-site Scripting vulnerability in Audiocodes 420Hd IP Phone Firmware 2.2.12.126 AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS. | 4.8 |
| 2018-10-24 | CVE-2018-18567 | Improper Certificate Validation vulnerability in Audiocodes 440Hd Firmware and 450Hd Firmware AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. | 5.9 |