CVE-2021-40856

Name of the Vulnerable Software and Affected Versions Auerswald COMfortel 1400 IP and 2600 IP versions prior to 2.8G

Description The issue allows Authentication Bypass via the "/about/../" substring. This means that an attacker could potentially bypass authentication mechanisms by manipulating the URL path with the specified substring.

Recommendations For versions prior to 2.8G, update to version 2.8G or later to resolve the issue. As a temporary workaround, consider restricting access to the "/about" API endpoint until a patch is available. Avoid using the "/about/../" substring in API requests to minimize the risk of exploitation.