2 matches found
CVE-2025-34334 AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via TestFax.php & LPE
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodesfiles/TestFax.php. When a fax "send" test is requested, the application builds a faxsender comman...
CVE-2025-34331 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File Read via download.php
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...