27 matches found
EUVD-2007-5761
Malware in sbrugna...
EUVD-2008-2089
Malware in sbrugna...
Cisco Warns of Vulnerability in Popular Phone Adapter, Urges Migration to Newer Model
Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices. The issue, tracked as CVE-2023-20126, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. The company credit...
CVE-2023-20126
Cisco SPA112 (2-Port) has a remote command execution vulnerability (CVE-2023-20126) due to a missing authentication step in the firmware upgrade flow. An unauthenticated attacker can upgrade to crafted firmware to run arbitrary code with full privileges. A PoC exists (RancidCrisco) that gains a r...
Cisco ATA 190 LLDP Packet Input Validation Error Vulnerability
The Cisco ATA 190 is an analog phone adapter from Cisco, U.S.A. An input validation error vulnerability exists in the Cisco ATA 190 Series, which stems from a lack of length validation in certain LLDP packet header fields. An unauthenticated, remote attacker could exploit the vulnerability to...
Cisco ATA 190 Series Protocol Packet Input Validation Error Vulnerability
The ATA 190, ATA 191, and ATA 192 are Cisco ATA 190 series analog phone adapters. An input validation error vulnerability exists in the Cisco ATA 190 local deployment only, ATA 191 local deployment or multi-platform deployment, and ATA 192 multi-platform deployment only, which stems from a securi...
Cisco ATA 190 Input Validation Error Vulnerability
The ATA 190, ATA 191, and ATA 192 are Cisco ATA 190 Series analog phone adapters. An input validation error vulnerability exists in the Cisco ATA 190 Series, which stems from a lack of length validation checks when processing Cisco Discovery Protocol messages, and can be exploited by an unauthenticated,...
Grandstream HT800 series OS Command Injection Vulnerability
The Grandstream HT800 series is an HT800 series analog phone adapter from Grandstream. An operating system command injection vulnerability exists in the Grandstream HT800 series using firmware version 1.0.17.5 and earlier. This vulnerability can be exploited to execute arbitrary commands as root ...
CVE-2009-5140
Technical details are not publicly available in the provided documents for CVE-2009-5140. Monitor for updates.
Cisco SPA100 Cross-Site Scripting Vulnerability
The Cisco SPA100 Series is an analog phone adapter from Cisco that allows your standard analog phone to access Internet telephony services through an RJ-11 phone port. A cross-site scripting vulnerability exists in the web-based management interface of Cisco SPA100 Series 1.4.1 SR3 and earlier. T...
Cisco SPA100 Series Analog Telephone Adapter Multiple Arbitrary Code Execution Vulnerabilities
Cisco SPA100 Series Analog Telephone Adapter is prone to multiple arbitrary code-execution vulnerabilities. Successfully exploiting these issues will allow attackers to execute arbitrary code with elevated privileges. These issues are being tracked by Cisco Bug ID CSCvq50494...
Cross site scripting
A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the device. The vulnerability is due to insufficient validation of user-supplied input by the...
Cisco SPA112 2-Port Phone Adapter Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the device. The vulnerability is due to insufficient validation of user-supplied input by the...
Zoom VoIP Phone Adapater ATA1+1 1.2.5 - CSRF Exploit
No description provided by source. Written By Michael Brooks Special thanks to str0ke! Zoom VoIP Phone Adapater ATA1+1 XSRF voip provider change xsrf version 1.2.5 html form action=http://10.1.1.165/callwzd.html method=post input name=DIRTYPAGE value=3 input name=HELPPAGE value=html.html input...
D-Link VoIP Phone Adapter - XSS/CSRF Remote Firmware Overwrite
No description provided by source. D-link VoIP Phone Adapter XSS and XSRF remote firmware overwrite model number: DVG-2001s f/w version 1.00.007 Better than just remote code execution, you control the firmware. html form action=http://10.1.1.166/Forms/cbiSetSWUpdate?16640,0,0,0,0,0,0,0,0 method=PO...
D-Link VoIP Phone Adapter XSRF / XSS
D-link VoIP Phone Adapter XSS and XSRF remote firmware overwrite model number: DVG-2001s f/w version 1.00.007 Better than just remote code execution, you control the firmware. and xss which can be used for csrf bypass:...
Zoom VoIP Phone Adapater ATA1+1 1.2.5 XSRF Exploit
Exploit for hardware platform in category remote exploits. Zoom VoIP Phone Adapater ATA1+1 1.2.5 XSRF Exploit Written By Michael Brooks Special thanks to str0ke! Zoom VoIP Phone Adapater ATA1+1 XS...
D-Link VoIP Phone Adapter - Cross-Site Scripting / Cross-Site Request Forgery Remote Firmware Overwrite
D-link VoIP Phone Adapter XSS and XSRF remote firmware overwrite model number: DVG-2001s f/w version 1.00.007 Better than just remote code execution, you control the firmware. and xss which can be used for csrf bypass:...
D-Link VoIP Phone Adapter - Cross-Site Scripting Cross-Site Request Forgery Remote Firmware Overwrite
D-link VoIP Phone Adapter XSS and XSRF remote firmware overwrite model number: DVG-2001s f/w version 1.00.007 Better than just remote code execution, you control the firmware. and xss which can be...
Code injection
Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: the severity of this issue has been disputed since there are limited attack scenarios...