Vendor CVEs
AudioCodes
All CVEs
34 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-24629 | | Cri | 0.70 | 9.8 | 0.37 | | May 29, 2023 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to… |
| CVE-2022-24627 | | Cri | 0.69 | 9.8 | 0.26 | | May 29, 2023 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form. |
| CVE-2018-10093 | | Hig | 0.66 | 8.8 | 0.69 | | Mar 21, 2019 | AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution. |
| CVE-2025-32106 | | Cri | 0.64 | 9.8 | 0.01 | | Jun 3, 2025 | In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request may result in an unauthenticated remote user's ability to execute unauthorized code. |
| CVE-2018-5757 | | Hig | 0.58 | 8.8 | 0.08 | | Apr 1, 2019 | An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS… |
| CVE-2019-9229 | | Hig | 0.57 | 8.8 | 0.01 | | Jul 20, 2019 | An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple… |
| CVE-2019-9231 | | Hig | 0.57 | 8.8 | 0.01 | | Jul 18, 2019 | An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. A Cross-Site Request Forgery (CSRF) vulnerability in the management web interface allows remote attackers to execute malicious and… |
| CVE-2018-16219 | | Hig | 0.57 | 8.8 | 0.01 | | Apr 25, 2019 | A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows a remote attacker (in the same network as the device) to change the admin password without authentication via a POST request. |
| CVE-2022-24630 | | Hig | 0.52 | 7.2 | 0.24 | | May 29, 2023 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed. |
| CVE-2018-16216 | | Hig | 0.52 | 8.0 | 0.04 | | Apr 25, 2019 | A command injection (missing input validation, escaping) in the monitoring or memory status web interface in AudioCodes 405HD (firmware 2.2.12) VoIP phone allows an authenticated remote attacker in the same network as the device to trigger OS commands (like starting telnetd or… |
| CVE-2023-22955 | | Hig | 0.51 | 7.8 | 0.00 | | Aug 11, 2023 | An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher… |
| CVE-2024-52884 | | Hig | 0.49 | 7.5 | 0.00 | | Feb 7, 2025 | An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords. |
| CVE-2024-52883 | | Hig | 0.49 | 7.5 | 0.01 | | Feb 7, 2025 | An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication. |
| CVE-2024-52881 | | Hig | 0.49 | 7.5 | 0.00 | | Feb 7, 2025 | An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file. |
| CVE-2023-22957 | | Hig | 0.49 | 7.5 | 0.01 | | Aug 11, 2023 | An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the… |
| CVE-2023-22956 | | Hig | 0.49 | 7.5 | 0.01 | | Aug 11, 2023 | An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information. |
| CVE-2019-9228 | | Hig | 0.49 | 7.5 | 0.02 | | Jul 19, 2019 | An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A at least to 7.20A.252.062. The (1) management SSH and (2) management TELNET features allow remote attackers to cause a denial of service (connection… |
| CVE-2022-24628 | | Hig | 0.47 | 7.2 | 0.01 | | May 29, 2023 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php. |
| CVE-2024-52882 | | Med | 0.40 | 6.1 | 0.00 | | Feb 7, 2025 | An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions. |
| CVE-2022-24632 | | Med | 0.40 | 5.3 | 0.27 | | May 29, 2023 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter. |
| CVE-2019-9230 | | Med | 0.40 | 6.1 | 0.01 | | Jul 18, 2019 | An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject… |
| CVE-2018-16220 | | Med | 0.40 | 6.1 | 0.01 | | Apr 25, 2019 | Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or… |
| CVE-2022-24631 | | Med | 0.39 | 5.4 | 0.43 | | May 29, 2023 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter. |
| CVE-2018-18567 | | Med | 0.38 | 5.9 | 0.01 | | Oct 24, 2018 | AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. |
| CVE-2024-48197 | | Med | 0.31 | 4.7 | 0.01 | | Jan 2, 2025 | Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface. |
| CVE-2018-10091 | | Med | 0.31 | 4.8 | 0.01 | | Mar 21, 2019 | AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS. |
| CVE-2025-34335 | | | 0.00 | — | 0.03 | | Nov 19, 2025 | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodes_files/ActivateLicense.php. When a license file is uploaded, the… |
| CVE-2025-34334 | | | 0.00 | — | 0.03 | | Nov 19, 2025 | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodes_files/TestFax.php. When a fax "send" test is requested, the application… |
| CVE-2025-34332 | | | 0.00 | — | 0.00 | | Nov 19, 2025 | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts located under C:\\F2MAdmin\\F2E\\AudioCodes_files\\utils\\Services. When certain… |
| CVE-2025-34329 | | | 0.00 | — | 0.01 | | Nov 19, 2025 | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodes_files/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application… |
| CVE-2025-34331 | | | 0.00 | — | 0.00 | | Nov 19, 2025 | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated… |
| CVE-2025-34328 | | | 0.00 | — | 0.01 | | Nov 19, 2025 | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated script-management endpoint at AudioCodes_files/utils/IVR/diagram/ajaxScript.php. The saveScript action… |
| CVE-2025-34330 | | | 0.00 | — | 0.00 | | Nov 19, 2025 | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated prompt upload endpoint at AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php. The script… |
| CVE-2025-34333 | | | 0.00 | — | 0.00 | | Nov 19, 2025 | AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\\F2MAdmin\\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated… |