CVE-2019-12704— Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-12704
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. The vulnerability is due to improper input validation in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retrieve the contents of arbitrary files on the device, possibly resulting in the disclosure of sensitive information.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco SPA100 Series Analog Telephone Adapters 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco SPA100 Series Analog Telephone Adapters(ATAs)是美国思科(Cisco)公司的一款SPA100系列模拟电话适配器。 使用1.4.1 SR3及之前版本固件的Cisco SPA100 Series ATAs中基于Web的管理界面存在信息泄露漏洞,该漏洞源于程序没有进行正确的输入验证。远程攻击者可通过发送特制的请求利用该漏洞检索设备上的任意文件内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco SPA112 2-Port Phone Adapter | unspecified ~ n/a | - |
II. Public POCs for CVE-2019-12704
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-12704
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-ui-disclosurevendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2019-12704
Same Patch Batch · Cisco · 2019-10-16 · 41 CVEs total
| CVE-2019-15240 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15250 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15251 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15247 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15248 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15246 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15244 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15245 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15242 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15243 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15249 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-15241 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities | |
| CVE-2019-12705 | Cisco Expressway Series and TelePresence Video Communication Server Cross-Site Scripting V | |
| CVE-2019-12708 | Cisco SPA100 Series Analog Telephone Adapters Administrative Credentials Information Discl | |
| CVE-2019-12718 | Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability | |
| CVE-2019-12703 | Cisco SPA122 ATA with Router Devices DHCP Services Cross-Site Scripting Vulnerability | |
| CVE-2019-12638 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability | |
| CVE-2019-12702 | Cisco SPA100 Series Analog Telephone Adapters Reflected Cross-Site Scripting Vulnerability | |
| CVE-2019-12636 | Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability | |
| CVE-2019-12637 | Cisco Identity Services Engine Multiple Stored Cross-Site Scripting Vulnerabilities |
Showing top 20 of 41 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Cisco SPA112 2-Port Phone Adapter
- CVE-2019-15257
Cisco SPA100 Series Analog Telephone Adapters Running Config - CVE-2019-15258
Cisco SPA100 Series Analog Telephone Adapters Web Management - CVE-2019-15252
Cisco SPA100 Series Analog Telephone Adapters Remote Code Ex - CVE-2019-15251
Cisco SPA100 Series Analog Telephone Adapters Remote Code Ex - CVE-2019-15249
Cisco SPA100 Series Analog Telephone Adapters Remote Code Ex
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-200
- CVE-2026-42333
quarkus-openapi-generator has overly broad path-parameter ma - CVE-2026-8198
Activity Logs, User Activity Tracking, Multisite Activity Lo - CVE-2026-42456
AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (ID - CVE-2026-41520
Cillium exposes sensitive information included in the cilium - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro
V. Comments for CVE-2019-12704
No comments yet