An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to Remote Code Execution via shell metacharacters in the query string.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-04-01T16:17:30

Updated: 2024-08-05T05:40:51.350Z

Reserved: 2018-01-17T00:00:00

Link: CVE-2018-5757

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-04-01T17:29:00.323

Modified: 2024-11-21T04:09:20.147

Link: CVE-2018-5757

cve-icon Redhat

No data.