CVE-2022-24632

MEDIUM

AudioCodes Device Manager Express <7.8.20002.47752 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-24632. PoCs published by Eric Flokstra.

AI-analyzed exploit summary: This exploit demonstrates multiple vulnerabilities in AudioCodes Device Manager Express, including SQL injection for authentication bypass, path traversal for file download, and arbitrary file upload for RCE. It provides a menu-driven interface for executing commands, uploading/downloading files, and adding a backdoor.

Description

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter.

Exploits (1)

exploitdb WORKING POC
by Eric Flokstra · python · webapps · php
https://www.exploit-db.com/exploits/51145

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: AudioCodes Device Manager Express <= 7.8.20002.47752
No auth needed
Prerequisites: Network access to the target · Default or bypassable credentials
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2023/Feb/12

Scores

CVSS v3 5.3
EPSS 0.2718
EPSS Percentile 97.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-22
Status published
Products (1)
audiocodes/device_manager_express < 7.8.20002.47752
Published May 29, 2023
Tracked Since Feb 18, 2026