cve/CVE-2018-5757.md at 18943f3353ca1cc3fd2595afa412856465e29c78

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-30 04:49:42 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to Remote Code Execution via shell metacharacters in the query string.

POC

Reference

https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2018-5757

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/H4cksploit/CVEs-master
https://github.com/RhinoSecurityLabs/CVEs
https://github.com/likescam/CVEs_new_by_Rhino-Security-Labs-
https://github.com/merlinepedra/RHINOECURITY-CVEs
https://github.com/merlinepedra25/RHINOSECURITY-CVEs
https://github.com/nattimmis/CVE-Collection
https://github.com/sunzu94/AWS-CVEs

1.2 KiB Raw Blame History

CVE-2018-5757

Description

POC

Reference

Github

1.2 KiB

Raw Blame History