Every CVE whose affected-product data names Akuvox E11 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2023-0345 — CVSS 9.8 (critical): The Akuvox E11 secure shell (SSH) server is enabled by default and can be accessed by the root user. This password cannot be changed by the…
CVE-2023-0352 — CVSS 9.1 (critical): The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker could download the device key file. An…
CVE-2023-0354 — CVSS 9.1 (critical): The Akuvox E11 web server can be accessed without any user authentication, and this could allow an attacker to access sensitive…
CVE-2023-0344 — CVSS 9.1 (critical): Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the…
CVE-2023-0351 — CVSS 8.8 (high): The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality. This could allow an…
CVE-2023-0348 — CVSS 7.5 (high): Akuvox E11 allows direct SIP calls. No access control is enforced by the SIP servers, which could allow an attacker to contact any device…
CVE-2023-0346 — CVSS 7.5 (high): Akuvox E11 cloud login is performed through an unencrypted HTTP connection. An attacker could gain access to the Akuvox cloud and device if…
CVE-2023-0347 — CVSS 7.5 (high): The Akuvox E11 Media Access Control (MAC) address, a primary identifier, combined with the Akuvox E11 IP address, could allow an attacker…
CVE-2023-0349 — CVSS 7.5 (high): The Akuvox E11 libvoice library provides unauthenticated access to the camera capture for image and video. This could allow an attacker to…
CVE-2023-0353 — CVSS 7.2 (high): Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption which could allow the…
CVE-2023-0355 — CVSS 6.5 (medium): Akuvox E11 uses a hard-coded cryptographic key, which could allow an attacker to decrypt sensitive information.
CVE-2023-0350 — CVSS 6.5 (medium): Akuvox E11 does not ensure that a file extension is associated with the file provided. This could allow an attacker to upload a file to the…
CVE-2023-0343 — CVSS 6.5 (medium): Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and the key are static, and this may allow an…