:: Deepquest ::

RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allows low-privileged users to access passwords of administrative user accounts. Affected versions include 8.0B and below.

The recent commit #9c4440 introduces two vulnerabilities to libcontainer that can be exploited by an attacker with partial control over the bind mount sources of a new container.

RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allows users with the “sub-admin” privilege to access any files on the PBX’s file system. Versions 8.0B and below are affected.

RedTeam Pentesting discovered several backdoors in the firmware for the Auerswald COMpact 5500R PBX. These backdoors allow attackers who are able to access the web-based management application full administrative access to the device. Versions 8.0B and below are affected.

Croogo 3.0.2 – Remote Code Execution (Authenticated)

Auerswald COMpact 8.0B – Multiple Backdoors

Auerswald COMpact 8.0B – Arbitrary File Disclosure

Auerswald COMfortel 2.8F – Authentication Bypass

Auerswald COMpact 8.0B – Privilege Escalation

HCL Lotus Notes V12 – Unquoted Service Path