Remote Command Injection on Akuvox
| VCSA ID | VCSA-59 |
| CVSS SCORE | 9.8 |
| AFFECTED VENDORS | Akuvox |
| AFFECTED PRODUCTS | C315 |
| AFFECTED VERSIONS | 115.116.2613 |
| DESCRIPTION | Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_server service. The attack vector is sending a payload to port 189 (default root 0.0.0.0). |
| DISCLOSURE LINK | https://blog.viettelcybersecurity.com/thanh-pho-thong-minh-co-the-bi-hack-nhu-the-nao/ |
| SOLUTION | Update to latest version |
| CREDIT | Hà Văn Toàn |
| REPORT TIME | 2021-04-25 |
| PUBLISHED TIME | 2021-07-25 |
| DISCLOSURE TIMELINE | • 25/04/2021 – Reported the vulnerability to the vendor • 26/05/2021 – The vendor accepted the report and publish the patch |
| REFERENCES | • https://cvedata.com/cve/CVE-2021-31726/ • https://www.akuvox.com/ProductsDisp.aspx?pid=21 |