RSS   Vulnerabilities for '8008 firmware'   RSS

2019-08-01
 
CVE-2019-14260

CWE-77
 

 
On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.

 

 >>> Vendor: Al-enterprise 3 Products
8008 firmware
Omnivista 4760
Omnivista 8770


Copyright 2024, cxsecurity.com

 

Back to Top