CVE-2017-18923

beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:beronet:voice_over_internet_protocol_gateways_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:beronet:bf16001e1box:-:*:*:*:*:*:*:*
cpe:2.3:h:beronet:bf16001t1box:-:*:*:*:*:*:*:*
cpe:2.3:h:beronet:bf4001e1box:-:*:*:*:*:*:*:*
cpe:2.3:h:beronet:bf4001t1box:-:*:*:*:*:*:*:*
cpe:2.3:h:beronet:bf64002e1box:-:*:*:*:*:*:*:*
cpe:2.3:h:beronet:bf64002t1box:-:*:*:*:*:*:*:*
cpe:2.3:h:beronet:bfsb1s0:-:*:*:*:*:*:*:*
cpe:2.3:h:beronet:bfsb2hy:-:*:*:*:*:*:*:*
cpe:2.3:h:beronet:bfsb2s0:-:*:*:*:*:*:*:*
cpe:2.3:h:beronet:bfsb2s02xo:-:*:*:*:*:*:*:*
cpe:2.3:h:beronet:bfsb4xo:-:*:*:*:*:*:*:*
cpe:2.3:h:beronet:bfsb4xo4xs:-:*:*:*:*:*:*:*
cpe:2.3:h:beronet:bfsb4xs:-:*:*:*:*:*:*:*
cpe:2.3:h:beronet:bn16fxsfax_b:-:*:*:*:*:*:*:*
cpe:2.3:h:beronet:bn16fxsfax_c:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:21

Type Values Removed Values Added
References () https://beronet.atlassian.net/wiki/spaces/PUB/pages/88768529/Security+Issues - Third Party Advisory () https://beronet.atlassian.net/wiki/spaces/PUB/pages/88768529/Security+Issues - Third Party Advisory
References () https://www.heise.de/security/meldung/Angriffe-auf-VoIP-Gateways-von-beroNet-Patch-sorgt-fuer-Sicherheit-3594737.html - Third Party Advisory () https://www.heise.de/security/meldung/Angriffe-auf-VoIP-Gateways-von-beroNet-Patch-sorgt-fuer-Sicherheit-3594737.html - Third Party Advisory

Information

Published : 2020-07-29 20:15

Updated : 2024-11-21 03:21


NVD link : CVE-2017-18923

Mitre link : CVE-2017-18923

CVE.ORG link : CVE-2017-18923


JSON object : View

Products Affected

beronet

  • bf4001t1box
  • bfsb4xo4xs
  • bfsb2hy
  • bfsb2s0
  • bfsb4xs
  • bn16fxsfax_b
  • bf16001e1box
  • voice_over_internet_protocol_gateways_firmware
  • bf4001e1box
  • bf16001t1box
  • bf64002t1box
  • bfsb2s02xo
  • bfsb4xo
  • bfsb1s0
  • bn16fxsfax_c
  • bf64002e1box
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')