Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor

Auerswald COMpact 5500R 7.8A and 8.0B devices contain an unauthenticated endpoint "https://192.168.1.2/aboutstate", enabling the bad actor to gain backdoor access to a web interface that allows for resetting the administrator password. id: CVE-2021-40859 info: name: Auerswald COMpact 5500R 7.8A a...

SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway - Command Injection

The SmartNode SN200 Analog Telephone Adapter ATA & VoIP Gateway is vulnerable to command injection. id: CVE-2023-41109 info: name: SmartNode SN200 Analog Telephone Adapter ATA & VoIP Gateway - Command Injection author: princechaddha severity: critical description: | The SmartNode SN200 Analog...

CVE-2026-11498

A vulnerability was found in Tenda HG7HG9 and HG10 300001138enxpon. Affected by this issue is the function aspvoipOtherSet of the file /boaform/voipotherset of the component Web Management Interface. Performing a manipulation of the argument funckeytransfer results in stack-based buffer overflow...

CVE-2026-11498

A vulnerability was found in Tenda HG7HG9 and HG10 300001138enxpon. Affected by this issue is the function aspvoipOtherSet of the file /boaform/voipotherset of the component Web Management Interface. Performing a manipulation of the argument funckeytransfer results in stack-based buffer overflow...

CVE-2026-11498 Tenda HG7HG9/HG10 Web Management voip_other_set asp_voip_OtherSet stack-based overflow

A vulnerability was found in Tenda HG7HG9 and HG10 300001138enxpon. Affected by this issue is the function aspvoipOtherSet of the file /boaform/voipotherset of the component Web Management Interface. Performing a manipulation of the argument funckeytransfer results in stack-based buffer overflow...

EUVD-2026-35028

A vulnerability was found in Tenda HG7HG9 and HG10 300001138enxpon. Affected by this issue is the function aspvoipOtherSet of the file /boaform/voipotherset of the component Web Management Interface. Performing a manipulation of the argument funckeytransfer results in stack-based buffer overflow...

CVE-2026-11498 Tenda HG7HG9/HG10 Web Management voip_other_set asp_voip_OtherSet stack-based overflow

A vulnerability was found in Tenda HG7HG9 and HG10 300001138enxpon. Affected by this issue is the function aspvoipOtherSet of the file /boaform/voipotherset of the component Web Management Interface. Performing a manipulation of the argument funckeytransfer results in stack-based buffer overflow...

CVE-2026-11498

A vulnerability was found in Tenda HG7HG9 and HG10 300001138enxpon. Affected by this issue is the function aspvoipOtherSet of the file /boaform/voipotherset of the component Web Management Interface. Performing a manipulation of the argument funckeytransfer results in stack-based buffer overflow...

CVE-2026-11498

CVE-2026-11498 affects Tenda HG7HG9/HG10 devices (Web Management Interface) due to a stack-based buffer overflow in function asp_voip_OtherSet within the /boaform/voip_other_set module. The issue is triggered by manipulating the funckey_transfer parameter and can be exploited remotely over the ne...

CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation

One of the more persistent myths in security is that old bug classes become old problems. They don’t. They just show up in different places, under different conditions, and usually at the exact moment we’ve convinced ourselves not to pay attention to them. That’s part of what makes enterprise voi...

tenda-hg10-voip-other-set-stack-overflow

Tenda HG10 Stack-based Buffer Overflow Vulnerability Summa...

Solutions VoIP GSVoIP web panel 跨站脚本漏洞

Solutions VoIP GSVoIP web panel is a VoIP management interface from Solutions VoIP. A cross-site scripting vulnerability in the Solutions VoIP GSVoIP web panel version 2.0.90, which stems from improperly cleaned user input for the msg parameter in the /painel/gateways.php/error endpoint, could le...

mad-notifications (=6.0.0rc9), voicetest (>=0.20.0 <=0.47.0) +1 more potentially affected by unknown CVE via telnyx (=4.146.0)

telnyx PYPI version =4.146.0 is affected by a known vulnerability. The following packages have a transitive dependency on telnyx and may be impacted: - mad-notifications =6.0.0rc9 - voicetest =0.20.0, =0.4.0, =0.4.4 Source cves: unknown CVE Source advisory: SNYK:PYTHON-TELNYX-15790745...

CVE-2020-37153

CVE-2020-37153 affects ASTPP 4.0.1. The vulnerability set includes cross-site scripting and command injection in the SIP device configuration and plugin management interfaces. Attackers could inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root p...

CVE-2020-37153 ASTPP VoIP 4.0.1 - Remote Code Execution

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...

ASTPP 跨站脚本漏洞

ASTPP is a VoIP billing solution developed by Innextrix Technologies Pvt. Ltd. Version 4.0.1 of ASTPP contains a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting and command injection vulnerabilities in the SIP device configuration and plugin management...

CVE-2025-15542

CVE-2025-15542 describes a DoS in VX800v v1.0’s SIP processing caused by improper handling of exceptional conditions. An attacker can flood the device with crafted INVITE messages, blocking all voice lines and disrupting incoming calls. The issue is documented across multiple sources (NVD/Red Hat...

TP-Link VX800v security vulnerability

The TP-Link VX800v is a VoIP gateway produced by the TP-Link company. The TP-Link VX800v 1.0 version has a security vulnerability. This vulnerability stems from improper parsing of USB HTTP access path links, which may allow custom USB devices to expose the contents of the root file system...

[SECURITY] Fedora 43 Update: coturn-4.7.0-4.fc43

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

CVE-2017-18923

beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials...