{"api_version":"1","generated_at":"2026-07-04T23:55:00+00:00","cve":"CVE-2022-24629","urls":{"html":"https://cve.report/CVE-2022-24629","api":"https://cve.report/api/cve/CVE-2022-24629.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-24629","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-24629"},"summary":{"title":"CVE-2022-24629","description":"An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-05-29 21:15:00","updated_at":"2023-06-02 03:05:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2023/Feb/12","name":"http://seclists.org/fulldisclosure/2023/Feb/12","refsource":"MISC","tags":[],"title":"Full Disclosure: Multiple vulnerabilities in Audiocodes Device Manager Express","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-24629","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24629","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"24629","vulnerable":"1","versionEndIncluding":"7.8.20002.47752","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"audiocodes","cpe5":"device_manager_express","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-24629","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Feb/12","url":"http://seclists.org/fulldisclosure/2023/Feb/12"}]}},"nvd":{"publishedDate":"2023-05-29 21:15:00","lastModifiedDate":"2023-06-02 03:05:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:audiocodes:device_manager_express:*:*:*:*:*:*:*:*","versionEndIncluding":"7.8.20002.47752","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"24629","Ordinal":"227979","Title":"CVE-2022-24629","CVE":"CVE-2022-24629","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"24629","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}