CVE-2024-58314
Authenticated Command Injection in Atcom 100M IP Phone Firmware
Publication date: 2025-12-12
Last updated on: 2025-12-12
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| atcom | 100m_ip_phones | 2.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Atcom 100M IP Phones firmware version 2.7.x.x. It is an authenticated command injection flaw in the web configuration CGI script, specifically through the 'cmd' parameter in web_cgi_main.cgi. Attackers with administrative credentials can inject arbitrary shell commands, leading to remote code execution on the device.
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker with administrative access to execute arbitrary system commands remotely on the affected IP phone. This can lead to full compromise of the device, unauthorized control, data theft, disruption of service, or use of the device as a pivot point for further attacks within the network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending an authenticated POST request to the endpoint `/cgi-bin/web_cgi_main.cgi?user_get_phone_ping` with a specially crafted payload in the `cmd` parameter to test for command injection. For example, a command injection test payload like `0.0.0.0$(pwd)` can be used. The response will include a base64-encoded result in the JSON field `ping_cmd_result`, which when decoded reveals the output of the injected command, confirming the vulnerability. The request must include an Authorization header using Digest authentication with valid administrative credentials. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting administrative access to the web configuration interface of Atcom 100M IP Phones, ensuring only trusted and authenticated users can access it. Applying firmware updates or patches from Atcom, if available, is recommended. Additionally, monitoring and limiting network access to the device's management interface and employing network segmentation can reduce exposure. Since the vulnerability requires administrative credentials, enforcing strong password policies and multi-factor authentication can help mitigate risk. [1, 2]