Vulnerabilities > Audiocodes > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-29 CVE-2022-24631 Cross-site Scripting vulnerability in Audiocodes Device Manager Express
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752.
network
low complexity
audiocodes CWE-79
5.4
2023-05-29 CVE-2022-24632 Path Traversal vulnerability in Audiocodes Device Manager Express
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752.
network
low complexity
audiocodes CWE-22
5.3
2019-07-20 CVE-2019-9229 Use of Hard-coded Credentials vulnerability in Audiocodes products
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251.
low complexity
audiocodes CWE-798
5.8
2019-07-18 CVE-2019-9231 Cross-Site Request Forgery (CSRF) vulnerability in Audiocodes products
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307.
6.8
2019-07-18 CVE-2019-9230 Cross-site Scripting vulnerability in Audiocodes products
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253.
network
audiocodes CWE-79
4.3
2019-04-25 CVE-2018-16220 Cross-site Scripting vulnerability in Audiocodes 405Hd Firmware 2.2.12
Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name sent to the device from the domain controller.
network
audiocodes CWE-79
4.3
2018-10-24 CVE-2018-18567 Improper Certificate Validation vulnerability in Audiocodes 440Hd Firmware and 450Hd Firmware
AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.
4.3