cbcvebase.
CVE-2018-10093
published 2019-03-21

CVE-2018-10093: AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.

Priority: P2 · 79 · high
CVSS 3.0: 8.8 (AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H)
EXPLOIT
EPSS: 68.68% (99.3th percentile)

Affected

1 ranges
Vendor | Product | Version range | Fixed in
audiocodes | 420hd_ip_phone_firmware | |

Detection & IOCs (extracted from sources)

url: /command.cgi?cat%20/etc/passwd
path: /command.cgi
version: AudioCodes 420HD firmware 2.2.12.126
yara: regex: admin:.*:*sh$
  • Detect exploitation attempts by monitoring HTTP GET requests to /command.cgi with command injection payloads in the query string (e.g., URL-encoded shell commands such as cat%20/etc/passwd).
  • A successful exploit response will contain a passwd-file entry matching the pattern 'admin:.*:*sh$' with HTTP status 200, indicating unauthenticated or authenticated RCE via the CGI endpoint.
  • The vulnerable CGI endpoint is only accessible to authenticated users; monitor for brute-force or credential-stuffing attempts against the admin interface prior to /command.cgi access.
  • Exploitation requires authentication as admin; the attack surface is limited to users who have obtained the admin configuration password.
  • Vulnerability has only been confirmed on the 420HD model running firmware 2.2.12.126; other 400HD series models or firmware versions have not been tested.
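
The two checks described above (request to /command.cgi with a query string, then the passwd pattern in a 200 response) can be combined as in the following added example, which is not part of the original entry. It assumes the HTTP traffic to the phones is logged in combined access-log format by a proxy or sensor; the log lines, addresses and response body are constructed samples.

```python
import re
from urllib.parse import urlsplit, unquote

# Source address, request line and status from a combined-format log entry (assumed format).
LOG_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
# Response pattern quoted in the entry; MULTILINE (an assumption) lets $ match at
# the end of each passwd line rather than only at the end of the body.
PASSWD_RE = re.compile(r"admin:.*:*sh$", re.MULTILINE)

def check_request(line):
    """Return a finding for a GET to /command.cgi that carries a query string, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    parts = urlsplit(m["uri"])
    if unquote(parts.path) != "/command.cgi" or not parts.query:
        return None
    # Decode the query so the analyst sees the command text, not the URL encoding.
    return {"src": m["src"], "status": int(m["status"]), "command": unquote(parts.query)}

def response_confirms(status, body):
    """True when a 200 response body contains a passwd entry matching the entry's regex."""
    return status == 200 and PASSWD_RE.search(body) is not None

def scan(lines):
    """Run check_request over log lines and keep only the findings."""
    return [f for f in map(check_request, lines) if f]

# Constructed sample data (documentation address range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Mar/2019:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"',
    '192.0.2.44 - - [21/Mar/2019:10:00:05 +0000] "GET /command.cgi?cat%20/etc/passwd HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [21/Mar/2019:10:00:09 +0000] "GET /command.cgi HTTP/1.1" 401 0 "-" "-"',
]
SAMPLE_BODY = "root:x:0:0:root:/root:/bin/sh\nadmin:x:500:500:admin:/home/admin:/bin/sh\n"

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print("suspicious request:", finding)
    print("response confirms exploitation:", response_confirms(200, SAMPLE_BODY))
```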

CVSS provenance

nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C