Approved changes feed: RSS · Atom

cpe:2.3:h:al-enterprise:8008:-:*:*:*:*:*:*:*

part: h version: - update: *

VendorAl Enterprise (10c49c56-b3a1-56a7-9a3b-2666db7c1ead)
Product8008 (0e2c8ce2-a048-5f3a-8544-990416782ce2)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2019-14260 not_vulnerable 2026-06-08 05:12:54.349989 Details available
On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.
Published: 2019-08-01T19:15:14.000Z
Updated: 2024-08-05T00:12:43.427Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.