A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper validation of user-supplied requests to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the device to stop responding, requiring manual intervention for recovery.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Spa112_firmware | Cisco | * | 1.4.1 (excluding) |
| Spa112_firmware | Cisco | 1.4.1 (including) | 1.4.1 (including) |
| Spa112_firmware | Cisco | 1.4.1-sr1 (including) | 1.4.1-sr1 (including) |
| Spa112_firmware | Cisco | 1.4.1-sr2 (including) | 1.4.1-sr2 (including) |
| Spa112_firmware | Cisco | 1.4.1-sr3 (including) | 1.4.1-sr3 (including) |