beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials.
References
Link | Resource |
---|---|
https://beronet.atlassian.net/wiki/spaces/PUB/pages/88768529/Security+Issues | Third Party Advisory |
https://www.heise.de/security/meldung/Angriffe-auf-VoIP-Gateways-von-beroNet-Patch-sorgt-fuer-Sicherheit-3594737.html | Third Party Advisory |
https://beronet.atlassian.net/wiki/spaces/PUB/pages/88768529/Security+Issues | Third Party Advisory |
https://www.heise.de/security/meldung/Angriffe-auf-VoIP-Gateways-von-beroNet-Patch-sorgt-fuer-Sicherheit-3594737.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://beronet.atlassian.net/wiki/spaces/PUB/pages/88768529/Security+Issues - Third Party Advisory | |
References | () https://www.heise.de/security/meldung/Angriffe-auf-VoIP-Gateways-von-beroNet-Patch-sorgt-fuer-Sicherheit-3594737.html - Third Party Advisory |
Information
Published : 2020-07-29 20:15
Updated : 2024-11-21 03:21
NVD link : CVE-2017-18923
Mitre link : CVE-2017-18923
CVE.ORG link : CVE-2017-18923
JSON object : View
Products Affected
beronet
- bf4001t1box
- bfsb4xo4xs
- bfsb2hy
- bfsb2s0
- bfsb4xs
- bn16fxsfax_b
- bf16001e1box
- voice_over_internet_protocol_gateways_firmware
- bf4001e1box
- bf16001t1box
- bf64002t1box
- bfsb2s02xo
- bfsb4xo
- bfsb1s0
- bn16fxsfax_c
- bf64002e1box
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')