Vulnerabilities > Auerswald

DATE CVE VULNERABILITY TITLE RISK
2021-12-13 CVE-2021-40856 Use of Incorrectly-Resolved Name or Reference vulnerability in Auerswald products
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.
network
low complexity
auerswald CWE-706
5.0
5.0
2021-12-13 CVE-2021-40857 Insufficiently Protected Credentials vulnerability in Auerswald products
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring.
network
low complexity
auerswald CWE-522
6.5
6.5
2021-12-13 CVE-2021-40858 Path Traversal vulnerability in Auerswald products
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure.
network
low complexity
auerswald CWE-22
6.8
6.8
2021-12-07 CVE-2021-40859 Unspecified vulnerability in Auerswald Compact 5500R Firmware 7.8A/8.0B
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device.
network
low complexity
auerswald
critical
 10.0
10
2019-05-29 CVE-2018-19978 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Auerswald Comfortel 1200 IP Firmware 3.4.4.110589
A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device.
low complexity
auerswald CWE-119
7.7
7.7
2019-05-29 CVE-2018-19977 OS Command Injection vulnerability in Auerswald Comfortel 1200 IP Firmware 3.4.4.110589
A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server.
low complexity
auerswald CWE-78
7.7
7.7
2003-12-31 CVE-2003-1457 Configuration vulnerability in Auerswald Comsuite CTI Controlcenter 3.1
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access.
local
low complexity
auerswald CWE-16
4.6
4.6