Vulnerability Database

314,373

Total vulnerabilities in the database

CVE-2024-58314

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in web_cgi_main.cgi, enabling remote code execution with administrative credentials.

Published: Dec 12, 2025
Updated: Dec 14, 2025
CVE: CVE-2024-58314
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

No affected software listed.

https://www.atcom.cn/html/yingwenban/Product/Fast_IP_phone/2017/1023/135.html
https://www.exploit-db.com/exploits/51742
https://www.vulncheck.com/advisories/atcom-xx-authenticated-command-injection-via-web-configuration-cgi

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo