CVE-2026-15482
Aster Telecom · Azcall
Aster Telecom Azcall versions 10 and 11 are affected by SQL injection and injection vulnerabilities that could allow unauthorized database manipulation.
Executive summary
Aster Telecom Azcall is vulnerable to injection attacks, posing a high risk of unauthorized data access and manipulation.
Vulnerability
This vulnerability involves SQL Injection (CWE-89) and general Injection (CWE-74) flaws. These issues allow unauthenticated remote attackers to inject malicious commands into the application, potentially leading to unauthorized interaction with the underlying database.
Business impact
Injection vulnerabilities are critical as they provide attackers with a direct pathway to extract, modify, or delete sensitive data from the backend database. With a CVSS score of 7.3, this represents a high-severity risk that could result in full database compromise and potential loss of administrative control over the Azcall telecommunications interface.
Remediation
Immediate Action: Contact Aster Telecom support or monitor the vendor advisory page for available patches. If no patch is available, restrict network access to the Azcall interface.
Proactive Monitoring: Inspect web application logs for SQL syntax errors or patterns indicative of injection attempts (e.g., unusual characters like single quotes, semicolons, or SQL keywords in input fields).
Compensating Controls: Deploy a Web Application Firewall (WAF) with strict SQL injection protection rules to filter and block malicious input before it reaches the Azcall application.
Exploitation status
Public Exploit Available: No (exploit_available: false)
Analyst recommendation
Due to the high risk associated with injection flaws, immediate defensive measures are required. Organizations should isolate the affected Azcall systems from public networks while awaiting a formal patch from Aster Telecom to address these critical security gaps.