CVE-2018-16219

HIGH

AudioCodes 405HD Firmware 2.2.12 - Unauthenticated Admin Password Change via Web Interface

Title source: llm

Description

A missing password verification in the web interface of the AudioCodes 405HD VoIP phone with firmware 2.2.12 allows a remote attacker (in the same network as the device) to change the admin password without authentication via a POST request.

References (1)

Core References
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_AudioCodes_405HD.pdf

Scores

CVSS v3 8.8
EPSS 0.0122
EPSS Percentile 64.8%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-287
Status published
Products (1)
audiocodes/405hd_firmware 2.2.12
Published Apr 25, 2019
Tracked Since Feb 18, 2026