Skip to main content

Out-of-bounds Write


Severity High
Score 8.8/10


The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version, which allow an attacker to crash the device (DoS) without authentication or execute code (authenticated as a user) to spawn a remote shell as a root user.

  • LOW
  • HIGH
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-787 - Out-of-Bounds Write

Out-of-bounds write vulnerability is a memory access bug that allows software to write data past the end or before the beginning of the intended buffer. This may result in the corruption of data, a crash, or arbitrary code execution.


Advisory Timeline

  • Published