Atcom
Products
3- 6 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-58314 | Hig | 0.57 | 8.8 | 0.01 | Dec 12, 2025 | Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in… | ||
| CVE-2011-3340 | 0.03 | — | 0.02 | Oct 21, 2011 | SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | |||
| CVE-2010-4967 | 0.03 | — | 0.02 | Oct 21, 2011 | SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter. | |||
| CVE-2009-5103 | 0.03 | — | 0.03 | Oct 21, 2011 | Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable. | |||
| CVE-2009-5102 | 0.03 | — | 0.02 | Oct 21, 2011 | SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter. | |||
| CVE-2019-12328 | 0.00 | — | 0.04 | Jul 22, 2019 | A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters… | |||
| CVE-2014-2318 | 0.00 | — | 0.02 | Mar 11, 2014 | SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter. | |||
| CVE-2010-4966 | 0.00 | — | 0.01 | Oct 21, 2011 | Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action. |
- risk 0.57cvss 8.8epss 0.01
Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in…
- CVE-2011-3340Oct 21, 2011risk 0.03cvss —epss 0.02
SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
- CVE-2010-4967Oct 21, 2011risk 0.03cvss —epss 0.02
SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter.
- CVE-2009-5103Oct 21, 2011risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable.
- CVE-2009-5102Oct 21, 2011risk 0.03cvss —epss 0.02
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
- CVE-2019-12328Jul 22, 2019risk 0.00cvss —epss 0.04
A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters…
- CVE-2014-2318Mar 11, 2014risk 0.00cvss —epss 0.02
SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter.
- CVE-2010-4966Oct 21, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action.