CVE-2018-19978

Name of the Vulnerable Software and Affected Versions Auerswald COMfort 1200 IP phone version 3.4.4.1-10589

Description A buffer overflow issue exists in the DHCP and PPPOE configuration interface, allowing a remote attacker, authenticated as a simple user in the same network, to trigger remote code execution. This is achieved via a POST request to the web server on the device, specifically exploiting the ManufacturerName parameter. The web server runs with root privileges, and consequently, the injected code will also execute with root privileges.

Recommendations For Auerswald COMfort 1200 IP phone version 3.4.4.1-10589, consider restricting access to the web server interface to minimize the risk of exploitation. As a temporary workaround, limit the privileges of the web server to prevent code execution with root privileges until a patch is available.