Arbitrary Code Execution via Manipulated Ringtone Upload in Akuvox R50P VoIP Phone 50.0.6.156
CVE-2019-12326 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution.
Learn more about our Web Application Penetration Testing UK.