PT-2025-50974 · Atcom · Atcom 100M Ip Phones

Mohammed Adel · Published 2025-12-12 · Updated 2025-12-13 · CVE-2024-58314

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Atcom 100M IP Phones versions 2.7.x.x

Description: The software contains an authenticated command injection issue in the web configuration CGI script. The injection point is the cmd parameter of the 'web cgi main.cgi' script. An attacker with administrative credentials can use it to execute arbitrary system commands on the device remotely.

Recommendations: Apply updates so that affected devices run a fixed version. As a temporary workaround, restrict access to the 'web cgi main.cgi' script to minimize the risk of exploitation. Avoid using the cmd parameter in the affected script until the issue is resolved.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2024-58314

Affected Products: Atcom 100M Ip Phones