RCE in Atcom Technology Co., Ltd. 100M IP Phones
CVE-2024-58314
Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands thr…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.014 (69.0th percentile)
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Atcom Technology Co., Ltd. 100M IP Phones — versions 2.7
Weakness classification (CWE)
References
- disclosure@vulncheck.com (exploit)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (third-party-advisory)
Frequently asked questions
- What is CVE-2024-58314?
- CVE-2024-58314 is a high-severity vulnerability in Atcom Technology Co., Ltd. 100M IP Phones, classified under OS Command Injection. CVSS score: 8.8/10. Published 2025-12-12.
- How severe is CVE-2024-58314?
- High severity. CVSS v3 base score is 8.8 out of 10.