Vulnerabilities > Gigasetpro

DATE CVE VULNERABILITY TITLE RISK
2018-12-20 CVE-2018-18871 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gigasetpro Maxwell Basic Firmware 2.22.7
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password).
network
low complexity
gigasetpro CWE-640
critical
9.8