CVE-2018-16216
CVE-2018-16216 describes a command-injection in the monitoring or memory status web interface of AudioCodes 405HD VoIP phones (firmware 2.2.12). The root cause is missing input validation/escaping in a POST handler on the device web server, enabling an authenticated remote attacker on the same ne...