Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access.
7.1AI Score
0.001EPSS
A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or ope...
8CVSS
8AI Score
0.001EPSS
A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName paramete...
8CVSS
8.3AI Score
0.002EPSS
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.
7.5CVSS
7.6AI Score
0.251EPSS
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring.
8.8CVSS
8.7AI Score
0.014EPSS
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring.
4.9CVSS
5.2AI Score
0.018EPSS
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device.
9.8CVSS
9.3AI Score
0.033EPSS