Vulnerabilities (CVE)

Filtered by vendor Audiocodes Subscribe
Filtered by product Median M800b-msbr Firmware
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9229 1 Audiocodes 8 Median 500-msbr, Median 500-msbr Firmware, Median 500l-msbr and 5 more 2024-11-21 5.8 MEDIUM 8.8 HIGH
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions.
CVE-2019-9228 1 Audiocodes 8 Median 500-msbr, Median 500-msbr Firmware, Median 500l-msbr and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A at least to 7.20A.252.062. The (1) management SSH and (2) management TELNET features allow remote attackers to cause a denial of service (connection slot exhaustion) via 5 unauthenticated connection attempts, because the maximum number of unauthenticated clients that can be configured is 5. NOTE: the vendor's position is that this is a "design choice."