VYPR
Vendor

AudioCodes

Products
19
CVEs
34
Across products
51
Status
Private

Products

19

Recent CVEs

34
View all 34 CVEs →
  • CVE-2022-24629CriMay 29, 2023
    risk 0.70cvss 9.8epss 0.37

    An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to…

  • CVE-2022-24627CriMay 29, 2023
    risk 0.69cvss 9.8epss 0.26

    An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.

  • CVE-2018-10093HigMar 21, 2019
    risk 0.66cvss 8.8epss 0.69

    AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.

  • CVE-2025-32106CriJun 3, 2025
    risk 0.64cvss 9.8epss 0.01

    In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result in an unauthenticated remote user's ability to execute unauthorized code.

  • CVE-2018-5757HigApr 1, 2019
    risk 0.58cvss 8.8epss 0.08

    An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS…

  • CVE-2019-9229HigJul 20, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple…

  • CVE-2019-9231HigJul 18, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. A Cross-Site Request Forgery (CSRF) vulnerability in the management web interface allows remote attackers to execute malicious and…

  • CVE-2018-16219HigApr 25, 2019
    risk 0.57cvss 8.8epss 0.01

    A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password without authentication via a POST request.

  • CVE-2022-24630HigMay 29, 2023
    risk 0.52cvss 7.2epss 0.24

    An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed.

  • CVE-2018-16216HigApr 25, 2019
    risk 0.52cvss 8.0epss 0.04

    A command injection (missing input validation, escaping) in the monitoring or memory status web interface in AudioCodes 405HD (firmware 2.2.12) VoIP phone allows an authenticated remote attacker in the same network as the device to trigger OS commands (like starting telnetd or…

  • CVE-2023-22955HigAug 11, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher…

  • CVE-2024-52884HigFeb 7, 2025
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords.

  • CVE-2024-52883HigFeb 7, 2025
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication.

  • CVE-2024-52881HigFeb 7, 2025
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file.

  • CVE-2023-22957HigAug 11, 2023
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the…

  • CVE-2023-22956HigAug 11, 2023
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.

  • CVE-2019-9228HigJul 19, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A at least to 7.20A.252.062. The (1) management SSH and (2) management TELNET features allow remote attackers to cause a denial of service (connection…

  • CVE-2022-24628HigMay 29, 2023
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.

  • CVE-2024-52882MedFeb 7, 2025
    risk 0.40cvss 6.1epss 0.00

    An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions.

  • CVE-2022-24632MedMay 29, 2023
    risk 0.40cvss 5.3epss 0.27

    An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter.