CVE-2019-12326

Name of the Vulnerable Software and Affected Versions Akuvox R50P VoIP phone version 50.0.6.156

Description The issue is related to missing file and path validation in the ringtone upload function, allowing an attacker to upload a manipulated ringtone file with an executable payload, such as shell commands within the file, and trigger code execution.

Recommendations For version 50.0.6.156, consider disabling the ringtone upload function until a patch is available to prevent potential code execution. Restrict access to the ringtone upload module to minimize the risk of exploitation. Avoid using the vulnerable ringtone upload feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.