critical
10
CWE
77 78
Advisory Published
Updated

CVE-2014-2650: Command Injection

First published: Thu Jan 09 2020(Updated: )

Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Atos Openstage 80 Firmware=v3-r3.11.0
Atos Openstage 80 G
Atos Openstage 80 Firmware=v3-r3.11.0
Atos Openstage 80 G
Atos Openstage 60 G Firmware=v3-r3.11.0
Atos Openstage 60 G
Atos Openstage 60 Firmware=v3-r3.11.0
Unify Openstage 60
Unify Openstage 40 Firmware=v3-r3.11.0
Unify Openstage 40
Atos Openstage 40 G Firmware=v3-r3.11.0
Atos Openstage 40 G Firmware
Unify Openstage 20 Firmware=v3-r3.11.0
Unify Openstage 20e
Unify Openstage 20 Firmware=v3-r3.11.0
Unify Openstage 20e
Atos Openstage 20 G Firmware=v3-r3.11.0
Atos Openstage 20 G Firmware
Unify Openstage 15 Firmware=v3-r3.11.0
Atos Openstage 15
Atos Openstage 15=v3-r3.11.0
Atos Openstage 15 G Firmware
Atos Openstage 5 Firmware=v3-r3.11.0
Atos Openstage 5
Unify OpenScape Desk Phone IP 35G=v3-r3.11.0
Unify OpenScape Desk Phone IP 35G HFA Firmware
Atos OpenStage 35G=v3-r3.11.0
Atos Openscape Desk Phone IP 35G Eco Firmware
Unify OpenScape Desk Phone IP 55G SIP Firmware=v3-r3.11.0
Atos OpenScape Desk Phone IP 55G

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2014-2650?

    CVE-2014-2650 is a vulnerability in the Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP that allows for OS command injection through the web-based management interface.

  • Is Atos Openstage 80 Firmware affected by CVE-2014-2650?

    Yes, Atos Openstage 80 Firmware v3-r3.11.0 is affected by CVE-2014-2650.

  • How severe is CVE-2014-2650?

    CVE-2014-2650 has a severity rating of 9.8, which is considered critical.

  • How can I fix CVE-2014-2650?

    To fix CVE-2014-2650, update your Unify OpenStage / OpenScape Desk Phone IP to V3 R3.11.0 or later.

  • Where can I find more information about CVE-2014-2650?

    You can find more information about CVE-2014-2650 in the security advisories from Unify: [link to security advisories](https://networks.unify.com/security/advisories/OBSO-1403-01.pdf).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203