auerswald 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は パス処理の欠陥、vendor risk file inclusion, and バッファオーバーフロー に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で アプリケーションクラッシュ and vendor impact memory corruption などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2021-40858 | Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring. | [email protected] | 4.9 | 2.39% | 2021-12-12 | 2026-06-17 |
| CVE-2021-40857 | Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. | [email protected] | 8.8 | 2.03% | 2021-12-12 | 2026-06-17 |
| CVE-2021-40856 | Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring. | [email protected] | 7.5 | 51.06% | 2021-12-12 | 2026-06-17 |
| CVE-2021-40859 | Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device. | [email protected] | 9.8 | 71.98% | 2021-12-07 | 2026-06-17 |
| CVE-2018-19978 | A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device. The web server is running with root privileges and the injected code will also run with root privileges. | [email protected] | 8.0 | 4.09% | 2019-05-29 | 2026-06-16 |
| CVE-2018-19977 | A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server. | [email protected] | 8.0 | 4.18% | 2019-05-29 | 2026-06-16 |
| CVE-2003-1457 | Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access. | [email protected] | 4.6 | 0.53% | 2003-12-31 | 2026-06-16 |