CVE-2019-12325

HIGH

Htek UC902 VoIP phone <2.0.4.4.46 - DoS/Buffer Overflow

Title source: llm
STIX 2.1

Description

The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without authentication or execute code (authenticated as a user) to spawn a remote shell as a root user.

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0199
EPSS Percentile 78.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
htek/uc902_firmware 2.0.4.4.46
Published Jul 22, 2019
Tracked Since Feb 18, 2026