Atcom CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-58314	1 Atcom	1 100m Ip Phones	2025-12-14	8.8 High
Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in web_cgi_main.cgi, enabling remote code execution with administrative credentials.
CVE-2014-2318	1 Atcom	1 Netvolution	2025-04-12	N/A
SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter.
CVE-2009-5103	1 Atcom	1 Netvolution	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable.
CVE-2011-3340	1 Atcom	1 Netvolution	2025-04-11	N/A
SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
CVE-2009-5102	1 Atcom	1 Netvolution	2025-04-11	N/A
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
CVE-2010-4967	1 Atcom	1 Netvolution	2025-04-11	N/A
SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter.
CVE-2010-4966	1 Atcom	1 Netvolution	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action.
CVE-2019-12328	1 Atcom	2 A10w, A10w Firmware	2024-11-21	N/A
A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request.

Page 1 of 1.