Auerswald COMfortel 1400/2600/3600 IP 2.8F Authentication Bypass

Posted on 06 December 2021

RedTeam Pentesting discovered a vulnerability in the web-based configuration management interface of the Auerswald COMfortel 1400 and 2600 IP desktop phones. The vulnerability allows accessing configuration data and settings in the web-based management interface without authentication. Versions 2.8F and below are affected.