Aggregates CVE and security vulnerability intelligence across all Auerswald-related products, including CVSS scores, EPSS percentages, and publication dates.
Disclosed issues often relate to path handling, file inclusion, and buffer overflows; exposure may include application crashes in production workloads.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-40858 | Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring. | [email protected] | 4.9 | 1.71% | 2021-12-13 | 2024-11-21 |
| CVE-2021-40857 | Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. | [email protected] | 8.8 | 1.39% | 2021-12-13 | 2024-11-21 |
| CVE-2021-40856 | Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring. | [email protected] | 7.5 | 88.12% | 2021-12-13 | 2024-11-21 |
| CVE-2021-40859 | Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices that allow attackers with access to the web-based management application full administrative access to the device. | [email protected] | 9.8 | 79.80% | 2021-12-07 | 2024-11-21 |
| CVE-2018-19978 | A buffer overflow vulnerability in the DHCP and PPPoE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device. The web server is running with root privileges and the injected code will also run with root privileges. | [email protected] | 8.0 | 0.41% | 2019-05-29 | 2024-11-21 |
| CVE-2018-19977 | A command injection (missing input validation, escaping) in the FTP upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server. | [email protected] | 8.0 | 2.26% | 2019-05-29 | 2024-11-21 |
| CVE-2003-1457 | Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access. | [email protected] | 4.6 | 0.26% | 2003-12-31 | 2026-04-16 |