3 matches found
CVE-2014-3313
Cisco Small Business SPA300/SPA500 Series IP Phones are affected by CVE-2014-3313: an XSS in the web UI allows remote attackers to inject arbitrary script via a crafted URL due to insufficient input validation. Impact is limited to the affected devices’ web interface; Cisco and CERT advisories in...
CVE-2015-0670
Cisco Small Business SPA300 and SPA500 IP phones running firmware version 7.5.5 are affected by CVE-2015-0670 due to improper authentication in the default configuration. A crafted XML request can allow an unauthenticated remote attacker to read audio-stream data or originate telephone calls. The...
CVE-2014-3312
Cisco Small Business SPA300 and SPA500 Series IP Phones are affected by CVE-2014-3312 due to an insufficiently authenticated debug console interface. The vulnerability allows a local attacker to execute arbitrary commands on the debug shell and read/modify data in memory or on the filesystem via ...