CVE-2018-10093

HIGH NUCLEI

AudioCodes IP phone 420HD <2.2.12.126 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10093. PoCs published by Sysdream. A Nuclei detection template is also available.

AI-analyzed exploit summary The writeup describes a remote command injection vulnerability (CVE-2018-10093) in AudioCodes 400HD IP phones, specifically the `command.cgi` script, which allows authenticated attackers to execute arbitrary commands. The vulnerability is demonstrated with an example of reading `/etc/passwd`.

Description

AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.

Exploits (1)

exploitdb WRITEUP
by Sysdream · textwebappscgi
https://www.exploit-db.com/exploits/46164

The writeup describes a remote command injection vulnerability (CVE-2018-10093) in AudioCodes 400HD IP phones, specifically the `command.cgi` script, which allows authenticated attackers to execute arbitrary commands. The vulnerability is demonstrated with an example of reading `/etc/passwd`.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: AudioCodes 420HD IP phone (firmware version: 2.2.12.126)
Auth required
Prerequisites: Authenticated access to the web interface · Admin credentials
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

AudioCodes 420HD - Remote Code Execution
HIGHby wisnupramoedya

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/151116/AudioCode-400HD-Remote-Command-Injection.html
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2019/Jan/38
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/46164/

Scores

CVSS v3 8.8
EPSS 0.6868
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (1)
audiocodes/420hd_ip_phone_firmware 2.2.12.126
Published Mar 21, 2019
Tracked Since Feb 18, 2026