auerswald CVE 脆弱性と CVE 一覧(7)

製品(CPE): — CVE 件数: 7

auerswald 脆弱性概要

auerswald 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

公開された問題は パス処理の欠陥、vendor risk file inclusion, and バッファオーバーフロー に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で アプリケーションクラッシュ and vendor impact memory corruption などの暴露リスクを伴う場合があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 17 / 7 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2021-40858 Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring. [email protected] 4.9 2.39% 2021-12-12 2026-06-17
CVE-2021-40857 Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. [email protected] 8.8 2.03% 2021-12-12 2026-06-17
CVE-2021-40856 Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring. [email protected] 7.5 51.06% 2021-12-12 2026-06-17
CVE-2021-40859 Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device. [email protected] 9.8 71.98% 2021-12-07 2026-06-17
CVE-2018-19978 A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device. The web server is running with root privileges and the injected code will also run with root privileges. [email protected] 8.0 4.09% 2019-05-29 2026-06-16
CVE-2018-19977 A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server. [email protected] 8.0 4.18% 2019-05-29 2026-06-16
CVE-2003-1457 Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access. [email protected] 4.6 0.53% 2003-12-31 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence