Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Unify OpenStage SIP和OpenScape Desk Phone IP 安全漏洞
Vulnerability Description
Unify OpenStage SIP和OpenScape Desk Phone IP都是美国优力飞(Unify)公司的IP电话产品。 Unify OpenStage SIP和OpenScape Desk Phone IP V3 R3.32.0之前版本中基于Web的管理界面存在CRLF注入漏洞。远程攻击者可通过向page.cmd URL发送‘ssh-password’参数利用该漏洞更改root密码并使用串行接口访问调试端口。
CVSS Information
N/A
Vulnerability Type
N/A