CVE-2019-12325

Name of the Vulnerable Software and Affected Versions Htek UC902 VoIP phone version 2.0.4.4.46

Description The issue concerns buffer overflow vulnerabilities in the web management interface of the Htek UC902 VoIP phone. These vulnerabilities can be exploited to crash the device, resulting in a denial of service (DoS), or to execute code, allowing an attacker to spawn a remote shell as a root user. The exploitation of these vulnerabilities can occur without authentication for a DoS attack, or with user authentication for code execution.

Recommendations For version 2.0.4.4.46, consider restricting access to the web management interface until a patch is available to prevent potential exploitation. As a temporary workaround, limit user authentication to essential personnel to minimize the risk of code execution.