CVE-2019-12327

Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. The telnet service is running on port 2323; it cannot be turned off and the credentials cannot be changed.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:akuvox:sp-r50p_firmware:50.0.6.156:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:sp-r50p:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:22

Type Values Removed Values Added
References () https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Akuvox_R50P.pdf - Exploit, Third Party Advisory () https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Akuvox_R50P.pdf - Exploit, Third Party Advisory
CVSS v2 : 10.0
v3 : 9.8
v2 : 10.0
v3 : 7.2

Information

Published : 2019-07-22 18:15

Updated : 2024-11-21 04:22


NVD link : CVE-2019-12327

Mitre link : CVE-2019-12327

CVE.ORG link : CVE-2019-12327


JSON object : View

Products Affected

akuvox

  • sp-r50p_firmware
  • sp-r50p
CWE
CWE-798

Use of Hard-coded Credentials