104 matches found
CVE-2023-0351
The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality. This could allow an attacker to upload files with executable command instructions...
Design/Logic Flaw
The Akuvox E11 Media Access Control MAC address, a primary identifier, combined with the Akuvox E11 IP address, could allow an attacker to identify the device on the Akuvox cloud...
Default credentials
The Akuvox E11 secure shell SSH server is enabled by default and can be accessed by the root user. This password cannot be changed by the user...
Design/Logic Flaw
The Akuvox E11 libvoice library provides unauthenticated access to the camera capture for image and video. This could allow an attacker to view and record image and video from the camera...
Design/Logic Flaw
Akuvox E11 cloud login is performed through an unencrypted HTTP connection. An attacker could gain access to the Akuvox cloud and device if the MAC address of a device if known...
Authentication flaw
The Akuvox E11 web server can be accessed without any user authentication, and this could allow an attacker to access sensitive information, as well as create and download packet captures with known default URLs...
Default credentials
The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker could download the device key file. An attacker could then use this page to reset the password back to the default...
CVE-2023-0345
CVE-2023-0345 (Akuvox E11) : The vulnerability is due to the SSH server being enabled by default and accessible as root with a password that cannot be changed. Reported in multiple sources, including the RT-ICS briefing and Red Hat advisories, it carries a high impact (C/H/I/H) and a base CVSS v3...
CVE-2023-0345 CVE-2023-0345
The Akuvox E11 secure shell SSH server is enabled by default and can be accessed by the root user. This password cannot be changed by the user...
CVE-2023-0345 CVE-2023-0345
The Akuvox E11 secure shell SSH server is enabled by default and can be accessed by the root user. This password cannot be changed by the user...
CVE-2023-0346
Summary: CVE-2023-0346 affects Akuvox E11 cloud login via an unencrypted HTTP connection, enabling potential access to the Akuvox cloud and device if the MAC address is known. The issue is categorized as improper authentication (CWE-287) and is part of a broader set of vulnerabilities affecting A...
CVE-2023-0346 CVE-2023-0346
Akuvox E11 cloud login is performed through an unencrypted HTTP connection. An attacker could gain access to the Akuvox cloud and device if the MAC address of a device if known...
CVE-2023-0346 CVE-2023-0346
Akuvox E11 cloud login is performed through an unencrypted HTTP connection. An attacker could gain access to the Akuvox cloud and device if the MAC address of a device if known...
CVE-2023-0347
The CVE-2023-0347 entry concerns Akuvox E11 devices. The vulnerability is exposure/identification of a device on Akuvox cloud by combining the MAC address with the E11 IP address (information disclosure). Affected product: Akuvox E11 (all versions). Impact: enables attacker to identify devices on...
CVE-2023-0347 CVE-2023-0347
The Akuvox E11 Media Access Control MAC address, a primary identifier, combined with the Akuvox E11 IP address, could allow an attacker to identify the device on the Akuvox cloud...
CVE-2023-0347 CVE-2023-0347
The Akuvox E11 Media Access Control MAC address, a primary identifier, combined with the Akuvox E11 IP address, could allow an attacker to identify the device on the Akuvox cloud...
CVE-2023-0348
CVE-2023-0348 affects Akuvox E11. The vulnerability is improper access control in the SIP servers, allowing direct SIP calls without enforcement of access controls and enabling an attacker to contact any device within Akuvox to call another device. The issue has a high impact (CVSS v3 base score ...
CVE-2023-0348 CVE-2023-0348
Akuvox E11 allows direct SIP calls. No access control is enforced by the SIP servers, which could allow an attacker to contact any device within Akuvox to call any other device...
CVE-2023-0348 CVE-2023-0348
Akuvox E11 allows direct SIP calls. No access control is enforced by the SIP servers, which could allow an attacker to contact any device within Akuvox to call any other device...
CVE-2023-0349
CVE-2023-0349 affects Akuvox E11 due to unauthenticated access in the libvoice library, enabling viewing/recording of camera captures. Affected: Akuvox E11 (libvoice). Vulnerability category: missing authentication for critical function (CWE-862) as described in the ics advisory. Impact: unauthor...