Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Auerswald COMfort 1200 IP phone 命令操作系统命令注入漏洞
Vulnerability Description
Auerswald COMfort 1200 IP phone是德国Auerswald公司的一款IP电话机。 Auerswald COMfort 1200 IP phone 3.4.4.1-10589版本中的ftp升级配置界面存在命令操作系统命令注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中,网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。
CVSS Information
N/A
Vulnerability Type
N/A