Kyle Burns

4 exploits Active since Jun 2024
CVE-2024-37569 WRITEUP HIGH WORKING POC
Mitel 6869i SIP Firmware < 4.5.0.41 and 5.x <= 5.0.0.1018 - Authenticated Remote Code Execution via Hostname Parameter
An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter.
CVSS 8.8
CVE-2024-37570 WRITEUP HIGH WORKING POC
Mitel 6869i SIP Firmware 4.5.0.41 - Authenticated Remote Command Execution via Manual Firmware Update
On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution.
CVSS 8.8
CVE-2024-41710 WRITEUP HIGH WRITEUP
Mitel 6800-6900w Series - Command Injection
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
CVSS 7.2
CVE-2025-48027 WRITEUP MEDIUM WRITEUP
MutonUfoAI pGina.Fork < 3.9.9.12 - Authentication Bypass via DNS Spoofing
The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginserver.
CVSS 5.4