GCVE - cpe:2.3:a:audiocodes:device_manager_express:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:audiocodes:device_manager_express:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Audiocodes (`c9d739e3-388b-5111-9d13-7f2977972a70`)
Product	Device Manager Express (`2e1817f1-c0d8-5755-b206-8e2d0b18551f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-24632`	vulnerable	2026-06-03 14:46:30.760654	Details available An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter. Published: 2023-05-29T00:00:00.000Z Updated: 2025-01-14T15:26:16.999Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2023/Feb/12	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24631`	vulnerable	2026-06-03 14:46:30.760407	Details available An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter. Published: 2023-05-29T00:00:00.000Z Updated: 2025-01-14T15:28:17.764Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2023/Feb/12	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24630`	vulnerable	2026-06-03 14:46:30.760140	Details available An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed. Published: 2023-05-29T00:00:00.000Z Updated: 2025-01-14T15:30:14.984Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2023/Feb/12	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24629`	vulnerable	2026-06-03 14:46:30.759870	Details available An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/. Published: 2023-05-29T00:00:00.000Z Updated: 2025-01-14T17:19:33.397Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2023/Feb/12	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24628`	vulnerable	2026-06-03 14:46:30.759548	Details available An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php. Published: 2023-05-29T00:00:00.000Z Updated: 2025-01-14T17:20:26.367Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2023/Feb/12	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24627`	vulnerable	2026-06-03 14:46:30.759143	Details available An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form. Published: 2023-05-29T00:00:00.000Z Updated: 2025-01-14T17:23:20.222Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2023/Feb/12	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.