Vulnerability Details CVE-2018-18871
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
Products affected by CVE-2018-18871
-
cpe:2.3:h:gigasetpro:maxwell_basic:-
-
cpe:2.3:o:gigasetpro:maxwell_basic_firmware:2.22.7