High severity7.5NVD Advisory· Published Jun 10, 2016· Updated May 6, 2026

CVE-2016-1421

Description

A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.

Affected products

Cisco Systems, Inc./Ip Phone 8800 Series Firmware
cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\(1\):*:*:*:*:*:*:*
Cisco/Cisco IP Phonesv5
Range: 11.7(1)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000