A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-22T17:55:50
Updated: 2024-08-04T23:17:39.835Z
Reserved: 2019-05-27T00:00:00
Link: CVE-2019-12328
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-07-22T18:15:11.447
Modified: 2024-11-21T04:22:37.673
Link: CVE-2019-12328
Redhat
No data.