cbcvebase.

Audiocodes Device Manager Express vulnerabilities

6 known vulnerabilities affecting audiocodes/device_manager_express.

Total CVEs
6
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2022-24629P2CRITICALCVSS 9.8PoC≤ 7.8.20002.477522023-05-29
CVE-2022-24629 [CRITICAL] CWE-22 CVE-2022-24629: An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code ex An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/.
nvd
CVE-2022-24627P2CRITICALCVSS 9.8PoC≤ 7.8.20002.477522023-05-29
CVE-2022-24627 [CRITICAL] CWE-89 CVE-2022-24627: An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unaut An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
nvd
CVE-2022-24630P2HIGHCVSS 7.2PoC≤ 7.8.20002.477522023-05-29
CVE-2022-24630 [HIGH] CWE-77 CVE-2022-24630: An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.ph An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed.
nvd
CVE-2022-24632P3MEDIUMCVSS 5.3PoC≤ 7.8.20002.477522023-05-29
CVE-2022-24632 [MEDIUM] CWE-22 CVE-2022-24632: An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is director An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter.
nvd
CVE-2022-24631P3MEDIUMCVSS 5.4PoC≤ 7.8.20002.477522023-05-29
CVE-2022-24631 [MEDIUM] CWE-79 CVE-2022-24631: An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored X An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter.
nvd
CVE-2022-24628P3HIGHCVSS 7.2≤ 7.8.20002.477522023-05-29
CVE-2022-24628 [HIGH] CWE-89 CVE-2022-24628: An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenti An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.
nvd
Audiocodes Device Manager Express vulnerabilities | cvebase