24 matches found
CVE-2025-34333
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\F2MAdmin\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated web server process...
CVE-2025-34334
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodesfiles/TestFax.php. When a fax "send" test is requested, the application builds a faxsender comman...
CVE-2025-34334 AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via TestFax.php & LPE
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodesfiles/TestFax.php. When a fax "send" test is requested, the application builds a faxsender comman...
CVE-2025-34329
CVE-2025-34329 affects AudioCodes Fax Server and Auto-Attendant IVR appliances ≤2.6.23. An unauthenticated backup upload endpoint at AudioCodes_files/ajaxBackupUploadFile.php in the F2MAdmin web interface allows uploading a file to a configured backup path, with no authentication, authorization, ...
CVE-2025-34331 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File Read via download.php
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...
CVE-2025-34328
AudioCodes Fax Server and Auto-Attendant IVR appliances (≤ 2.6.23) expose an unauthenticated script-management endpoint in the web administration component (F2MAdmin) at AudioCodes_files/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplied data directly to a server-sid...
CVE-2025-34330
The CVE-2025-34330 entry affects AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. A web admin component (F2MAdmin) exposes an unauthenticated endpoint at AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php that accepts uploaded files and writes them into C:\F2...
CVE-2025-34333
CVE-2025-34333 affects AudioCodes Fax Server and Auto-Attendant IVR appliances
CVE-2023-22957
An issue was discovered in libacdes3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root passwor...
CVE-2022-24631
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter...
CVE-2022-24632
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter...
CVE-2022-24631
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter...
CVE-2022-24632
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter...
CVE-2022-24627
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the processlogin.php login form...
CVE-2022-24629
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodesfiles/ajax/...
PT-2023-12759 · Audiocodes · Audiocodes Device Manager Express
Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: The issue is an unauthenticated SQL injection in the p parameter of the "process login.php" login form. This allows for potential exploitation without the need fo...
PT-2023-12761 · Audiocodes · Audiocodes Device Manager Express
Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: An issue allows remote code execution via directory traversal in the dir parameter of the file upload functionality of "BrowseFiles.php". An attacker can upload a...
AudioCodes Device Manager Express Path Traversal Vulnerability
AudioCodes Device Manager Express is a powerful lifecycle management tool for AudioCodes IP phones, EPOS and Jabra headsets and speakers from AudioCodes Israel. A path traversal vulnerability exists in AudioCodes Device Manager Express 7.8.20002.47752 and prior versions, which stems from a...
AudioCodes Device Manager Express Cross-Site Scripting Vulnerability
AudioCodes Device Manager Express is a powerful lifecycle management tool for AudioCodes IP Phones, EPOS and Jabra headsets and speakers from AudioCodes Israel. A cross-site scripting vulnerability exists in AudioCodes Device Manager Express 7.8.20002.47752 and prior versions, which originates fr...
AudioCodes Device Manager Express Path Traversal Vulnerability
AudioCodes Device Manager Express is a powerful lifecycle management tool for AudioCodes IP phones, EPOS and Jabra headsets and speakers from AudioCodes Israel. A path traversal vulnerability exists in AudioCodes Device Manager Express 7.8.20002.47752 and prior versions, which stems from a path...