Critical severity9.8NVD Advisory· Published Aug 14, 2009· Updated Apr 23, 2026

CVE-2009-1048

Description

The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header.

Affected products

Snom/Snom 300 Firmware
cpe:2.3:o:snom:snom_300_firmware:*:*:*:*:*:*:*:*
Range: >=6.5,<6.5.20
Snom/Snom 320 Firmware
cpe:2.3:o:snom:snom_320_firmware:*:*:*:*:*:*:*:*
Range: >=6.5,<6.5.20
Snom/Snom 360 Firmware
cpe:2.3:o:snom:snom_360_firmware:*:*:*:*:*:*:*:*
Range: >=6.5,<6.5.20
Snom/Snom 370 Firmware
cpe:2.3:o:snom:snom_370_firmware:*:*:*:*:*:*:*:*
Range: >=6.5,<6.5.20
Snom/Snom 820 Firmware
cpe:2.3:o:snom:snom_820_firmware:*:*:*:*:*:*:*:*
Range: >=6.5,<6.5.20

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/36293nvdBroken LinkVendor Advisory
www.securityfocus.com/archive/1/505723/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/52424nvdThird Party AdvisoryVDB Entry
www.csnc.ch/misc/files/advisories/cve-2009-1048.txtnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000