VYPR
Vendor

Auerswald

Products
5
CVEs
8
Across products
8
Status
Private

Products

5

Recent CVEs

8
  • CVE-2021-40859Dec 7, 2021
    risk 0.09cvss epss 0.72

    Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device.

  • CVE-2021-40856Dec 13, 2021
    risk 0.07cvss epss 0.51

    Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.

  • CVE-2009-4067Feb 11, 2020
    risk 0.03cvss epss 0.02

    Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.

  • CVE-2021-40858Dec 13, 2021
    risk 0.00cvss epss 0.02

    Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring.

  • CVE-2021-40857Dec 13, 2021
    risk 0.00cvss epss 0.02

    Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring.

  • CVE-2018-19978May 29, 2019
    risk 0.00cvss epss 0.04

    A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request…

  • CVE-2018-19977May 29, 2019
    risk 0.00cvss epss 0.04

    A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like…

  • CVE-2003-1457Dec 31, 2003
    risk 0.00cvss epss 0.01

    Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access.