Aplio Internet Phone Arbitrary Command Execution Vulnerability

A vulnerability exists in Aplio's IP phone (release 2.0.33 build #1). URLs submitted to the device are not properly filtered for shell meta characters. As a result, it is possible for a remote attacker to execute arbitrary shell commands on the host device. An attacker sufficiently familiar with the workings of this device may be able to carry out a denial of service against it, or otherwise interfere with normal operation (possibly intercepting calls, etc.)


 

Privacy Statement
Copyright 2010, SecurityFocus