RSS   Vulnerabilities for 'Obihai obi1022 firmware'   RSS

2019-08-01
 
CVE-2019-14259

CWE-77
 

 
On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.

 

 >>> Vendor: Polycom 29 Products
Viewstation 128
Viewstation 512
Viewstation dcp
Viewstation fx vs4000
Viewstation h.323
Viewstation mp
Viewstation sp 384
Viewstation v.35
Viavideo
Mgc-100
Mgc-25
Mgc-50
Soundpoint ip 301
Soundpoint ip 650
Soundpoint ip 601
Hdx system software
Realpresence cloudaxis suite
Btoe connector
Unified communications software
Realpresence resource manager
Qdx 6000 firmware
Uc software
Vvx 500 firmware
Vvx 601 firmware
Better together over ethernet connector
Group series
HDX
PANO
Obihai obi1022 firmware


Copyright 2019, cxsecurity.com

 

Back to Top