Buffer overflow

2019-05-2918:29:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.8%

JSON

A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device. The web server is running with root privileges and the injected code will also run with root privileges.

CPENameOperatorVersion
comfortel_1200_ip_firmwareeq3.4.4110589

CPE	Name	Operator	Version
	comfortel_1200_ip_firmware	eq	3.4.4110589

References

www.auerswald.de/de/service/81-telefone/schnurgebundene-telefone/1568-comfortel-1200-ip.html

www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Auerswald_COMfortel_1200_IP.pdf?_=1549376183