Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Spa300_firmware
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-09-12 | CVE-2016-1469 | The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. | Spa300_firmware, Spa500_firmware | 7.5 | ||
| 2017-10-19 | CVE-2017-12271 | A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308. | Spa300_firmware, Spa500_firmware | 8.8 | ||
| 2015-12-15 | CVE-2015-6403 | The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400. | Spa300_firmware, Spa500_firmware | N/A | ||
| 2015-03-21 | CVE-2015-0670 | The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. | Spa300_firmware, Spa500_firmware, Spa_301_1_line_ip_phone, Spa_302d, Spa_302dkit, Spa_303_3_line_ip_phone, Spa_501g_8\-Line_ip_phone, Spa_502g_1\-Line_ip_phone, Spa_504g_4\-Line_ip_phone, Spa_508g_8\-Line_ip_phone, Spa_509g_12\-Line_ip_phone, Spa_512g_1\-Line_ip_phone, Spa_514g_4\-Line_ip_phone, Spa_525g2_5\-Line_ip_phone, Spa_525g_5\-Line_ip_phone | N/A |