An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to Remote Code Execution via shell metacharacters in the query string.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T05:40:51.350Z

Reserved: 2018-01-17T00:00:00

Link: CVE-2018-5757

Vulnrichment

No data.

NVD

Status: Modified

Published: 2019-04-01T17:29:00.323

Modified: 2024-11-21T04:09:20.147

Link: CVE-2018-5757

Redhat

No data.

OpenCVE Enrichment

No data.